Embargo ransomware moves $34 million in cryptocurrency, linking it to BlackCat – TRM Labs


A relatively new ransomware group known as Embargo has become a key player in the cybercrime underground, with ransom payments linked to its cryptocurrency wallets since April 2024.

Embargo operates under a ransomware-as-a-service (RaaS) model and has hit critical infrastructure in the United States, with targets including hospitals and pharmacy networks, according to blockchain intelligence company TRM Labs.

Victims include American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho. Ransom demands have reportedly reached $1.3 million.

TRM’s investigation suggests that Embargo may be a rebranded version of the infamous BlackCat (ALPHV) operation, which disappeared after an alleged exit scam earlier this year. Both groups use the Rust programming language, operate similar data leak sites, and overlap in shared wallet infrastructure.

TRM’s graph visualizer shows a small Embargo wallet cluster with incoming funds from BlackCat (ALPHV). Source: TRM Labs


Embargo holds $18.8 million in dormant cryptocurrency

Approximately $18.8 million of Embargo’s cryptocurrency proceeds remain dormant in unattributed wallets, a tactic that analysts believe may be aimed at delaying detection or waiting for more favourable laundering conditions.

The group uses intermediary wallets, high-risk exchanges and sanctioned platforms, including Cryptex.net, to mask the origin of funds. Between May and August, TRM traced at least $13.5 million to various virtual asset service providers, with roughly $1 million moving through Cryptex alone.
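To show the kind of forward flow tracing the paragraph above describes, here is an added example that is not TRM’s tooling or data: it follows ransom proceeds from a labelled seed wallet through intermediary hops on a small constructed ledger, attributes value to downstream services proportionally at each hop (the common “haircut” heuristic), and reports what is still sitting dormant in unlabelled wallets. Every address, label and amount in it is invented.

```python
from collections import defaultdict

# Constructed ledger of transfers: (sender, receiver, USD-equivalent amount).
# Addresses and amounts are invented for illustration only.
LEDGER = [
    ("victim_pay_1", "seed_A", 500_000),   # ransom payment to the group's wallet
    ("victim_pay_2", "seed_A", 300_000),   # second ransom payment
    ("seed_A", "hop_1", 400_000),          # 200k is left behind in seed_A
    ("seed_A", "hop_2", 200_000),
    ("hop_1", "exchange_X", 250_000),
    ("hop_1", "hop_3", 150_000),
    ("hop_2", "sanctioned_Y", 200_000),
    ("unrelated", "hop_3", 450_000),       # clean funds mixing in at hop_3
    ("hop_3", "exchange_X", 200_000),      # 400k of mixed funds stays in hop_3
]

# Wallets known to have received ransom payments (constructed).
SEEDS = {"seed_A"}
# Addresses attributed to services, e.g. exchanges or sanctioned platforms (constructed).
SERVICES = {"exchange_X": "exchange", "sanctioned_Y": "sanctioned platform"}


def trace_funds(ledger, seeds, services):
    """Haircut tracing: each wallet's outflows carry the same tainted share as its inflows."""
    in_edges = defaultdict(list)
    out_edges = defaultdict(list)
    for src, dst, amt in ledger:
        in_edges[dst].append((src, amt))
        out_edges[src].append((dst, amt))
    addresses = set(in_edges) | set(out_edges)

    memo = {}

    def fraction(addr):
        """Share of addr's total inflow that traces back to a seed wallet."""
        if addr in seeds:
            return 1.0
        if addr in memo:
            return memo[addr]
        memo[addr] = 0.0  # cycle guard: a back-edge contributes no taint
        total_in = sum(amt for _, amt in in_edges[addr])
        if total_in == 0:
            return 0.0
        tainted_in = sum(amt * fraction(src) for src, amt in in_edges[addr])
        memo[addr] = tainted_in / total_in
        return memo[addr]

    reached = defaultdict(float)  # tainted value delivered to each labelled service
    dormant = {}                  # tainted value still held in unlabelled wallets
    for addr in sorted(addresses):
        f = fraction(addr)
        if f == 0.0:
            continue
        total_in = sum(amt for _, amt in in_edges[addr])
        total_out = sum(amt for _, amt in out_edges[addr])
        if addr in services:
            reached[addr] += f * total_in
        else:
            held = f * (total_in - total_out)
            if held > 0:
                dormant[addr] = held
    return {"reached": dict(reached), "dormant": dormant}


if __name__ == "__main__":
    result = trace_funds(LEDGER, SEEDS, SERVICES)
    for addr, amt in result["reached"].items():
        print(f"{amt:>12,.0f} reached {addr} ({SERVICES[addr]})")
    for addr, amt in result["dormant"].items():
        print(f"{amt:>12,.0f} dormant in {addr}")
```

On the constructed ledger, 800,000 in ransom proceeds splits into 300,000 reaching the exchange, 200,000 reaching the sanctioned platform, and 300,000 still dormant (200,000 in the seed wallet, 100,000 as the tainted share of the mixed balance in hop_3). Real investigations add clustering heuristics and exchange attribution on top of this, but the proportional accounting at each hop is the same idea.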

While not as aggressive as LockBit or Cl0p, Embargo uses a double-extortion strategy: it encrypts systems and threatens to leak sensitive data if the ransom is not paid. In some cases the group has publicly named individuals or leaked data on its site to increase pressure.

Embargo primarily targets sectors where downtime is expensive, including healthcare, business services and manufacturing, and shows a preference for U.S. victims, possibly because of their greater ability to pay.


UK bans public sector ransomware payments

The UK will ban ransomware payments for all public sector bodies and critical national infrastructure operators, including energy, healthcare and local councils. The proposal introduces a payment prevention regime that requires victims outside the ban to report any ransom payment they intend to make.

The plan also includes a mandatory reporting regime under which victims must submit an initial report to the government within 72 hours of an attack and a detailed follow-up within 28 days.