The Embargo ransomware group, operating under a ransomware-as-a-service (RaaS) model, has transferred over $34 million in ransom-related cryptocurrency since April 2024, focusing on US hospitals and critical infrastructure. Targeted victims include American Associated Pharmacies and various healthcare institutions. Ransom demands have reportedly reached as high as $1.3 million. Investigations suggest Embargo may be a rebrand of the BlackCat (ALPHV) operation, as both use similar technologies and exhibit on-chain connections through shared wallet systems. Additionally, approximately $18.8 million of Embargo's funds remain inactive in various wallets, which experts believe may be a strategy to delay detection. The group employs double extortion tactics, encrypting systems and threatening data leaks to compel payment from victims, particularly in sectors where downtime is costly. Meanwhile, the UK government is considering a ban on ransomware payments for public sector entities, adding a layer of complexity to the ongoing battle against ransomware attacks.
