The Embargo ransomware group has transferred over 34 million USD in cryptocurrency related to ransom since April and currently holds about 18.8 million USD in isolated wallets.

Embargo operates under a ransomware-as-a-service model, targeting industries with high disruption costs such as healthcare and manufacturing, and shows technical and operational overlaps with the previously notorious BlackCat (ALPHV) group. Its double extortion strategy combines data encryption with threats to publish sensitive information to pressure victims into paying.

MAIN CONTENT

  • Embargo has transferred over 34 million USD in cryptocurrency related to ransom since April, holding 18.8 million USD in unlinked wallets.

  • This group uses a ransomware-as-a-service model, focusing on the healthcare, business services, and manufacturing sectors in the United States.

  • Embargo is suspected to be a rebranded version of BlackCat (ALPHV), using double extortion tactics and similar techniques.

How much cryptocurrency has Embargo transferred related to ransom and why do they keep money in isolated wallets?

Embargo has transferred a total of over 34 million USD in cryptocurrency from ransom activities since April of this year. The group currently holds about 18.8 million USD in unlinked wallets, believed to be intended to delay detection or take advantage of more favorable money laundering conditions in the future.

The use of unlinked wallets is a tactic that helps attackers delay investigations and improve their ability to cash out the extorted funds. This demonstrates the group's sophistication and careful preparation in concealing the money flow.

What model does the Embargo group operate under and who do they focus on?

Embargo operates under a ransomware-as-a-service (RaaS) model, meaning they develop ransomware software and allow partners to use this service to expand their attack reach.

The group primarily targets industries with high disruption costs such as healthcare, business services, and manufacturing. Notably, victims are mainly organizations in the United States, where the ability to pay ransoms is higher and security systems are often weak in certain fields.

What is Embargo's connection with the BlackCat (ALPHV) ransomware group?

Experts from TRM Labs believe Embargo could be a rebranded version of BlackCat (ALPHV), a cybercrime group that disappeared early this year after a suspected exit scam.

Evidence includes the use of the same Rust programming language, operating similar data leak websites, and using the same on-chain wallet infrastructure. Although not as aggressive as LockBit or Cl0p, Embargo employs a double extortion tactic, encrypting victims' data and threatening to publicly release information if the ransom is not paid.

"The technical overlaps and operational strategies suggest that Embargo is a rebirth in a new form of BlackCat, aimed at maintaining operations and profits in the increasingly competitive ransomware market."

Michael Jones, Head of Cybersecurity Analysis, TRM Labs, 2023

How is Embargo's double extortion strategy implemented?

Embargo employs a double extortion tactic by encrypting the victim's data and simultaneously threatening to publish sensitive information on a website if the ransom is not paid.

This strategy aims to increase psychological pressure on victims to pay quickly. In some cases, the group even publicly discloses the names of victims or leaks data to create widespread alarm in the community, causing other organizations to worry.

Which industries are more likely to become targets of the Embargo group and why?

The group often targets the healthcare, business services, and manufacturing sectors as organizations in these fields typically incur extremely high costs when systems are locked down.

Due to the high cost of losses along with the need for rapid recovery, these organizations often tend to pay ransoms, facilitating a stable and long-term revenue stream for ransomware groups.

Frequently Asked Questions

What is Embargo?

Embargo is a ransomware group operating under the RaaS model, specializing in targeting industries with high disruption costs for extortion.

How much money has this group made from ransom activities?

The group has transferred over 34 million USD in cryptocurrency related to ransom and currently holds about 18.8 million USD.

What is the connection between Embargo and the BlackCat (ALPHV) group?

Embargo is believed to be a rebranded version of BlackCat, with many technical and operational similarities.

What is double extortion?

Double extortion combines system encryption with threats to publicly disclose sensitive data in order to pressure the victim into paying.

Why is the United States the primary target of Embargo?

The United States has many organizations that can bear high ransom costs, making them easy targets for ransomware groups.

Source: https://tintucbitcoin.com/embargo-ransomware-chuyen-34-trieu-usd/
