– Embargo ransomware group has moved $34M in crypto since April 2024, targeting U.S. healthcare and critical infrastructure with up to $1.3M ransom demands.
– Linked to BlackCat (ALPHV) via shared tech, wallets, and tactics, suggesting a rebranded operation exploiting similar ransomware-as-a-service models.
– Uses double extortion and public data leaks to pressure victims, favoring U.S. targets due to higher ransom payment likelihood.
– $18.8M remains dormant in unaffiliated wallets, with funds routed through intermediaries and platforms like Cryptex to obscure origins.
– Blockchain analysis highlights crypto’s role in enabling anonymous, cross-border cybercrime and the difficulty authorities face in tracing and freezing illicit funds.