
A cybercrime group that may be a successor to the BlackCat/Alphv ransomware operation has been linked to about $34.2 million in cryptocurrency transactions since emerging in mid-2024, researchers said Friday.
Blockchain intelligence firm TRM Labs said the Embargo ransomware gang appears to be “properly resourced and technically successful,” and that its activity over such a short span underscores “the group’s growing financial footprint in the ransomware ecosystem.”
Embargo began to draw scrutiny in late 2024, a few months after BlackCat’s leaders appeared to conduct an exit scam on affiliates. Echoing other firms, TRM said the gang “may be a rebranded or successor operation to BlackCat (ALPHV) based on several technical and behavioral similarities,” including the infrastructure of its crypto wallets.
Like BlackCat, Embargo is a ransomware-as-a-service operation, providing affiliates with the tools they need to conduct attacks while taking a cut of any proceeds.
Embargo, however, “retains control over core operations — including infrastructure and payment negotiations,” TRM Labs said. “This model enables threat actors to rapidly scale their operations and target a broad range of sectors and geographies.”
Healthcare, business services and manufacturing firms are primary targets. Ransom demands have been as high as $1.3 million, and Embargo is a “highly advanced and aggressive ransomware,” TRM Labs said. The group claimed attacks on a Georgia hospital in November 2024 and a California health system in April 2024.
For now, Embargo isn’t as prolific as groups such as LockBit, Akira or Clop, TRM Labs said. It generally keeps a low profile, and “avoids the overt branding and high-visibility tactics of more prominent ransomware groups, such as triple extortion and victim harassment.”