According to a report from TRM Labs, the Embargo group has collected over $34 million in cryptocurrency ransoms since April 2024, with investigations linking it to the defunct BlackCat/ALPHV operation.
Embargo Group and Cryptocurrency Ransom
TRM Labs reports that the Embargo group has moved over $34 million in crypto ransoms since April 2024, indicating that the group remains active. "Embargo has moved over $34 million in ransom-linked cryptocurrency since April 2024," said TRM Labs. Much of this sum remains unlaundered in unaffiliated wallets.
Dormant Funds: $18.8 Million Still Unmoved
Ransomware-linked crypto payments are a growing concern, affecting sectors with high downtime costs. The dormant funds suggest delays caused by laundering complexities or regulatory pressures. The rebranded group remains a persistent threat to sectors such as healthcare and manufacturing, mirroring previous attack vectors and highlighting vulnerabilities in these critical industries.
Ransomware Evolution: Embargo's ALPHV/BlackCat Roots
Ransomware groups have shifted identities in similar ways, and ALPHV/BlackCat's known targeting patterns recur here, demonstrating a repeated cycle of cyberattacks on essential sectors. These findings support the likelihood of prolonged operational risk in the targeted industries and raise concerns over sustained cyber threats.
The Embargo group continues to represent a serious threat in the cyber landscape, with a history linking it to past activities of ALPHV/BlackCat. Dormant funds and active attacks indicate a need for enhanced protection in critical sectors.