Embargo Holds $18.8M in Dormant Crypto


Cybercrime group Embargo is sitting on roughly $18.8 million in crypto proceeds parked in unaffiliated wallets — a move experts believe may be intended to delay detection or wait for more favorable laundering conditions.



The group operates through a web of intermediary wallets, high-risk exchanges, and sanctioned platforms, including Cryptex.net, to mask the origins of its funds. Between May and August, blockchain analytics firm TRM traced at least $13.5 million moving through various virtual asset service providers, with more than $1 million flowing through Cryptex alone.



Though not as aggressive as groups like LockBit or Cl0p, Embargo employs double-extortion tactics — encrypting victims’ systems and threatening to leak sensitive data if ransoms go unpaid. In some cases, the group has publicly named individuals or posted stolen data on its site to increase pressure.



Embargo’s attacks tend to focus on industries where downtime is especially costly, such as healthcare, business services, and manufacturing, with a marked preference for U.S.-based targets due to their higher likelihood of paying.





UK to Ban Ransomware Payments in Public Sector


The UK government plans to prohibit ransomware payments for all public sector entities and critical national infrastructure operators — including those in energy, healthcare, and local government. The proposal also establishes a prevention framework requiring other victims outside the ban to report any intended ransom payments.



Under the plan, victims must submit an initial incident report within 72 hours of an attack, followed by a detailed report within 28 days.



According to Chainalysis, ransomware attacks fell by 35% last year, marking the first decline in ransomware revenues since 2022.