Embargo Ransomware Group Moved $34M in Crypto Since April, TRM Labs Reports

2025-08-10 18:49:49

Main Idea

The Embargo ransomware group has moved over $34 million in cryptocurrency since April 2024, targeting sectors like healthcare and using ransomware-as-a-service, with potential links to the BlackCat group.

Key Points

1. Embargo ransomware group has moved over $34 million in ransom-linked cryptocurrency since April 2024, operating under a ransomware-as-a-service (RaaS) model.

2. Confirmed victims include American Associated Pharmacies and Georgia-based entities, with ransom demands as high as $1.3 million per incident.

3. TRM Labs suggests Embargo could be a rebranded version of the BlackCat (ALPHV) group, which disappeared earlier this year.

4. Around $18.8 million of Embargo’s proceeds remain untouched in unaffiliated wallets, with laundering tactics involving intermediary wallets and high-risk exchanges.

5. Embargo employs double extortion tactics, targeting sectors where downtime is costly, particularly focusing on US-based victims for higher payment capacity.

Description

Embargo Ransomware Moves $34M in Crypto Since April

A relatively new ransomware group known as Embargo has emerged as a significant threat in the cybercrime landscape, moving over $34 million in ransom-linked cryptocurrency since April 2024, according to blockchain intelligence firm TRM Labs. Operating under a ransomware-as-a-service (RaaS) model, Embargo has attacked critical infrastructure across the United States, including hospitals and pharmaceutical networks.

Hospitals and Pharmaceutical N...
