Embargo ransomware group moved $34M in crypto since April: TRM Labs
Main Idea
The Embargo ransomware group has moved over $34 million in ransom-linked crypto since April, targeting US hospitals and critical infrastructure, and may be a rebranded version of the BlackCat operation.
Key Points
1. Embargo ransomware group has moved over $34 million in ransom-linked crypto since April, operating under a ransomware-as-a-service (RaaS) model.
2. Victims include American Associated Pharmacies and Georgia-based Memorial, with ransoms reportedly reaching up to $1.3 million.
3. TRM Labs suggests Embargo may be a rebranded version of the infamous BlackCat (ALPHV) operation.
4. Around $18.8 million of Embargo’s crypto proceeds remain dormant in unaffiliated wallets, possibly for future use.
5. The group uses intermediary wallets, high-risk exchanges, and sanctioned platforms like Cryptex.net to obscure fund origins.
6. From May through August, TRM traced at least $13.5 million across various transactions.
7. Embargo has adopted double extortion tactics, threatening to leak data if victims fail to pay.
8. The UK is set to ban ransomware payments for public sector entities, requiring reporting of attacks within 28 days.
9. Ransomware attacks saw a 35% drop last year, marking the first decline in revenues since 2022.
Description
TRM Labs says the Embargo ransomware group has moved over $34 million in ransom-linked crypto since April, targeting US hospitals and critical infrastructure.