Embargo ransomware group moved $34M in crypto since April: TRM Labs
Main Idea
The Embargo ransomware group has moved over $34 million in ransom-linked crypto since April, targeting US hospitals and critical infrastructure, and may be a rebranded version of the BlackCat operation.
Key Points
1. Embargo ransomware group has moved over $34 million in ransom-linked crypto since April, operating under a ransomware-as-a-service (RaaS) model.
2. Victims include American Associated Pharmacies and Georgia-based Memorial, with ransoms reportedly reaching up to $1.3 million.
3. TRM Labs suggests Embargo may be a rebranded version of the infamous BlackCat (ALPHV) operation.
4. Around $18.8 million of Embargo’s crypto proceeds remain dormant in unaffiliated wallets, possibly for future use.
5. The group uses intermediary wallets, high-risk exchanges, and sanctioned platforms like Cryptex.net to obscure fund origins.
6. From May through August, TRM traced at least $13.5 million across various transactions.
7. Embargo has adopted double extortion tactics, threatening to leak data if victims fail to pay.
8. The UK is set to ban ransomware payments for public sector entities, requiring reporting of attacks within 28 days.
9. Ransomware attacks saw a 35% drop last year, marking the first decline in revenues since 2022.
Description
TRM Labs says the Embargo ransomware group has moved over $34 million in ransom-linked crypto since April, targeting US hospitals and critical infrastructure.