🚨 New Ransomware Gang “Embargo” Moves $34M in Crypto Since 2024 💻💰


A relatively new cybercrime outfit, Embargo, has quickly risen to prominence — moving over $34M in crypto-linked ransom payments since April 2024, according to TRM Labs.


🛑 Key Facts

Operates under a Ransomware-as-a-Service (RaaS) model

Targets critical infrastructure in the US, including American Associated Pharmacies, Memorial Hospital & Manor (Georgia), and Weiser Memorial Hospital (Idaho)

Ransom demands up to $1.3M

🔍 Suspected BlackCat Comeback

TRM believes Embargo may be a rebranded version of BlackCat (ALPHV), which vanished after a suspected exit scam earlier this year. Similarities include Rust-based code, an identical leak-site style, and on-chain wallet overlaps.


💵 Follow the Money

$18.8M in proceeds sitting dormant — possibly waiting for “better” laundering conditions

Laundering methods include intermediary wallets, high-risk exchanges, and sanctioned platforms like Cryptex.net

Between May and Aug 2025, $13.5M moved via various exchanges, with $1M+ routed through Cryptex alone

⚠️ Tactics & Targets

Uses double extortion: encrypts data and threatens to leak it

Sometimes publicly names victims or leaks personal data to escalate pressure

Focuses on healthcare, business services, and manufacturing — especially US-based companies due to higher payout potential

🏛️ UK Moves to Ban Ransomware Payments

The ban covers public sector & critical national infrastructure, with mandatory reporting: initial report within 72 hours and full report within 28 days


💡 While ransomware attacks fell 35% last year (Chainalysis), Embargo’s rapid rise shows the threat is far from gone — and it’s adapting fast.