A ransomware group known as Embargo has extorted millions of dollars from victims in the U.S., including hospitals, according to research from blockchain intelligence firm TRM Labs.
Here are six things to know from TRM Labs’ report:
- Embargo, which operates under a ransomware-as-a-service model, emerged in April 2024 and has since been tied to an estimated $34.2 million in cryptocurrency transactions, TRM Labs said in an Aug. 8 news release.
- Most victims are in the healthcare, business services and manufacturing sectors, with some ransom demands reaching $1.3 million.
- Notable U.S. victims include American Associated Pharmacies, Memorial Hospital and Manor in Bainbridge, Ga., and Weiser Memorial Hospital in Weiser, Idaho. The group disproportionately targets U.S. organizations, TRM Labs said, likely because they are seen as more able to pay large ransoms.
- Embargo may be a rebranded version of the now-defunct BlackCat gang, according to the report.
- The group launders ransom payments through intermediary wallets, high-risk cryptocurrency exchanges and sanctioned platforms, including Cryptex.net, TRM Labs said.
- Healthcare organizations are particularly attractive targets because operational disruptions can affect patient care, according to TRM Labs.
