Bitprismia

New Ransomware Group Embargo Launders $34M in Crypto from US Hospital Attacks Since April

2025-08-11 08:16:07

Main Idea

A new ransomware group called Embargo has laundered $34.2 million in crypto since April 2024, targeting US hospitals and using sophisticated AI-enhanced tactics.

Key Points

1. Embargo operates as a ransomware-as-a-service (RaaS) group, primarily targeting US entities like American Associated Pharmacies and Memorial Hospital and Manor in Georgia.

2. The group employs AI-enhanced operations, disabling security tools and removing recovery options before encrypting files, while also using double extortion tactics.

3. TRM Labs identified technical similarities between Embargo and BlackCat, including shared use of the Rust programming language and overlapping wallet clusters.

4. Embargo launders funds through high-risk exchanges and sanctioned platforms, with $13.5 million traced to Cryptnex.net and $18.8 million in victim funds linked to other exchanges.

5. July 2025 saw a 27.2% increase in crypto hack losses, totaling $142 million, with notable breaches including CoinDCX ($44.2 million) and GMX ($42 million).

Description

A new ransomware-as-a-service group called Embargo has laundered approximately $34.2 million in crypto since emerging in April 2024, primarily targeting US healthcare facilities through sophisticated attacks that demand ransoms up to $1.3 million. TRM Labs research identifies the group as a potential rebrand of the defunct BlackCat operation, with notable victims including American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho. Sophisticated...
