Embargo Ransomware Hits U.S. Hospitals for $34M in Crypto – TRM Labs

New ransomware group Embargo has extracted over $34M in crypto from U.S. hospitals and infrastructure since April 2024, TRM Labs reports.
The Embargo ransomware group has transferred more than $34 million in cryptocurrency from ransom payments since April 2024, targeting U.S. healthcare facilities and critical infrastructure, according to blockchain intelligence firm TRM Labs.
TRM Labs tracked the crypto movements tied to Embargo, which launched operations in April 2024. The group hit several U.S. hospitals, including American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho. Individual ransom demands reached $1.3 million per attack.
The ransomware operation may be a rebrand of the BlackCat (ALPHV) group. TRM’s analysis found technical similarities between the two operations, including use of the Rust programming language, similar data leak site structures, and shared wallet infrastructure patterns.
Embargo operates as a ransomware-as-a-service (RaaS) business, maintaining control over core infrastructure and ransom negotiations. The group uses double extortion methods, encrypting victim systems while threatening to leak stolen data. In some cases, Embargo publicly named individuals or released stolen information to pressure victims into paying.
Of the total proceeds, $18.8 million remains in unaffiliated wallets that show no recent activity. Between May and August 2024, TRM Labs traced over $13.5 million flowing through various virtual asset service providers. More than $1 million passed through Cryptex.net during this period.
Embargo emerged after BlackCat’s apparent disappearance earlier in 2024, which security researchers believe was part of an exit scam. The new group demonstrates technical sophistication and uses AI-enhanced tactics for phishing and malware development.
The group focuses on sectors where operational downtime creates significant financial pressure, particularly healthcare, manufacturing, and business services. Most targets are located in the United States, reflecting a strategy to maximize payment likelihood in regions with higher economic capacity and regulatory pressure to restore services quickly.