– Ransomware group Embargo has extorted $34M via crypto since April 2024, targeting U.S. healthcare and critical infrastructure with $1.3M ransom demands.
– Operating as ransomware-as-a-service (RaaS), Embargo employs double-extortion tactics and shares infrastructure with suspected predecessor BlackCat (ALPHV).
– $18.8M in dormant wallets and laundering through high-risk exchanges highlight Embargo’s evasion strategies amid declining ransomware revenues.
– UK plans to ban public sector ransom payments and enforce 72-hour attack reporting to combat escalating cyber threats from groups like Embargo.
