The ransomware group Embargo has rapidly gained notoriety in the cybercrime world, amassing over $34 million in crypto ransom payments since April 2024. Operating on a ransomware-as-a-service (RaaS) model, Embargo has targeted critical U.S. infrastructure, including hospitals and pharmaceutical networks, as reported by TRM Labs. Notable victims include American Associated Pharmacies and Memorial Hospital in Georgia. Ransom demands have reached as high as $1.3 million. TRM's analysis suggests that Embargo may be a rebranded version of the notorious BlackCat (ALPHV) group, with which it shares technical similarities and wallet infrastructure. Approximately $18.8 million of Embargo's crypto remains inactive in unrelated wallets, likely as a way to evade detection. The group employs a network of intermediary wallets and high-risk exchanges to obscure the origin of funds. While less aggressive than rivals like LockBit, Embargo uses double extortion tactics, threatening to leak sensitive data if ransoms are not paid. The group primarily targets sectors where downtime is costly, favoring U.S. victims for their higher payment capabilities.