The ransomware group Embargo has been accused of moving over $34 million through crypto payments since April 2024. According to TRM Labs, the group has become a key player in the world of cybercrime.
Embargo's Operations
According to TRM Labs, Embargo operates under a ransomware-as-a-service model, targeting critical infrastructure in the U.S. Victims include medical facilities such as American Associated Pharmacies, Georgia-based Memorial Hospital, and Weiser Hospital in Idaho, with ransom demands exceeding $1.3 million.
Methods of Coercion and Victim Selection
The group employs a double extortion tactic: it encrypts the victim's systems and also threatens to leak stolen sensitive data, so that paying the ransom is pressed on the victim from two directions. Embargo prefers sectors where downtime is costly, such as healthcare and manufacturing.
Regulatory Responses and Changes
The United Kingdom has announced plans to ban ransom payments for public sector bodies and critical national infrastructure operators. The new regime will require victims to report intended payments to authorities. This comes as ransomware attacks have decreased in recent years, yet losses remain significant.
The Embargo group is becoming a notable player in the cyber underworld, employing modern methods and technologies. Increased security measures and regulatory changes may impact its operations, though the threat from such groups persists.