Embargo Ransomware Group Moves $34M in Crypto, Targets US Healthcare
A relatively new ransomware group, Embargo, has emerged as a major cybercrime threat, laundering over $34 million in crypto since April 2024. Operating under a ransomware-as-a-service model, the group has targeted US hospitals and pharmaceutical networks, including American Associated Pharmacies and Memorial Hospital in Georgia. Ransom demands have reached up to $1.3 million, with experts noting similarities to the disbanded BlackCat group.
Embargo holds $18.8 million in dormant crypto, likely left idle to evade detection or to exploit future laundering opportunities. The group uses intermediary wallets and high-risk exchanges like Cryptex.net to obscure funds. TRM Labs traced $13.5 million through virtual asset providers, highlighting the group’s sophisticated money-moving tactics.
The UK plans to ban ransomware payments for public sector bodies, including healthcare and energy providers, while requiring mandatory reporting. Despite a 35% drop in ransomware attacks last year, groups like Embargo continue to exploit high-value targets, particularly in the US, where victims are more likely to pay.