PANews reported on August 11th that, according to Cointelegraph, blockchain intelligence firm TRM Labs said a ransomware group called Embargo has transferred over $34 million in ransom-related cryptocurrency since April. Embargo currently holds approximately $18.8 million in cryptocurrency in unaffiliated wallets, a tactic experts believe may be intended to delay detection or to exploit improved money laundering conditions in the future. Embargo operates using a ransomware-as-a-service (RaaS) model, primarily targeting industries with high downtime costs, including healthcare, business services, and manufacturing. It also tends to target victims in the United States, likely due to their greater ability to pay.
TRM's investigation suggests that Embargo may be a rebranded version of the notorious BlackCat (ALPHV) group, which vanished earlier this year after a suspected exit scam. The two groups overlap technically: both use the Rust programming language, operate similar data leak websites, and exhibit on-chain connections through shared wallet infrastructure. While not as overtly aggressive as LockBit or Cl0p, Embargo employs a dual extortion strategy: encrypting the victim's system and threatening to release sensitive data unless the victim pays. In some cases, the group publicly names victims or leaks data on its website to increase pressure.