TRM Labs: Ransomware group Embargo has transferred $34 million in cryptocurrency since April

ChainCatcher news, according to Cointelegraph, blockchain intelligence company TRM Labs stated that a ransomware group named Embargo has transferred over $34 million in ransom-related cryptocurrency since April. Embargo currently has approximately $18.8 million in cryptocurrency stored in non-affiliated wallets, and experts believe this strategy may be aimed at delaying detection or taking advantage of better money laundering conditions in the future. Embargo operates under a ransomware-as-a-service (RaaS) model, primarily targeting industries with high downtime costs, including healthcare, business services, and manufacturing, and tends to attack victims within the United States, possibly due to their stronger payment capabilities.

TRM's investigation suggests that Embargo may be a rebranded version of the notorious BlackCat (ALPHV) group, which disappeared earlier this year amid allegations of an exit scam. Although Embargo is not as overtly aggressive as LockBit or Cl0p, it employs a double extortion strategy: encrypting systems and threatening victims with the release of sensitive data if they do not pay. In some cases, the group publicly names victims or leaks data on its website to increase pressure.