– TRM Labs reports the Embargo ransomware group has moved $34M in crypto since April 2024, targeting U.S. hospitals and pharmaceutical networks via a ransomware-as-a-service (RaaS) model.
– Embargo is likely a rebrand of BlackCat (ALPHV), sharing Rust-based code, wallet infrastructure, and data leak site structures with the prior operation.
– Group employs double extortion tactics, prioritizing U.S. healthcare targets with $1.3M ransom demands and public data leak threats.
– $18.8M remains dormant in unaffiliated wallets, while $13.5M flowed through platforms like the sanctioned Cryptex.net to obscure the funds' origins.
– TRM highlights need for enhanced blockchain monitoring and international cooperation to disrupt ransomware financial networks.