A new blockchain intelligence report reveals that the Embargo ransomware gang has processed over $34 million in cryptocurrency since April 2024, targeting U.S. hospitals, manufacturers, and service providers.
According to TRM Labs, the Embargo ransomware group has received approximately $34.2 million in illicit crypto transactions since it appeared in April 2024. Victims have been concentrated in the United States, particularly in the healthcare, manufacturing, and business services sectors.
Investigators believe Embargo is likely a rebrand or successor to the infamous BlackCat/ALPHV operation, citing technical similarities such as:
- Rust-based malware architecture
- A similar leak-site interface
- Shared blockchain wallet infrastructure
High-Profile Victims and Multi-Million Dollar Demands
TRM identified American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho among Embargo's victims. In some cases, ransom demands reached $1.3 million.
Tracking the $34 Million Trail
The investigation mapped ransom funds from victim wallets to:
- High-risk cryptocurrency exchanges
- Peer-to-peer marketplaces
- Mixing services
- The now-sanctioned Cryptex.net platform
TRM reports $13.5 million deposited into global virtual asset service providers, $1 million sent via Cryptex.net, and a relatively low use of mixers, with only two deposits into Wasabi. About $18.8 million remains in dormant addresses, potentially as a tactic to obscure tracking or wait for better cash-out opportunities.
Low Profile, High Impact
TRM's findings suggest that Embargo's ransomware-as-a-service model and minimal branding have enabled it to scale while avoiding unwanted attention. The group may also be experimenting with AI and machine learning to create more convincing phishing campaigns and evolve its malware.
Ransomware Threat Still Persists
While ransomware earnings overall have declined (dropping 35% in 2024 to $813 million from $1.25 billion the previous year, according to Chainalysis), cases like Embargo show that crypto payments and loosely regulated exchanges remain key enablers of large-scale attacks.
Last year, Dark Angels reportedly extracted $75 million in Bitcoin from a single attack, marking the largest known ransomware payout to date.
 
Daniel Walker