TRM Labs: Ransomware organization Embargo transfers $34 million in cryptocurrency since April

According to Cointelegraph, blockchain intelligence firm TRM Labs stated that a ransomware organization called Embargo has transferred over $34 million in ransom related cryptocurrencies since April. Embargo currently has approximately $18.8 million in cryptocurrency stored in non affiliated wallets, and experts believe that this strategy may be aimed at delaying detection or exploiting better money laundering conditions in the future. Embargo operates under the ransomware as a service (RaaS) model, primarily targeting industries with high downtime costs, including healthcare, business services, and manufacturing, and tends to attack victims within the United States, possibly due to their stronger payment capabilities. TRM's investigation suggests that Embargo may be a renamed version of the notorious BlackCat (ALPHV) organization, which disappeared earlier this year due to suspected withdrawal from a scam. These two organizations overlap technically, both using the Rust programming language, operating similar data breach websites, and demonstrating on chain connectivity through shared wallet infrastructure. Although Embargo is not as aggressive as LockBit or Cl0p, it employs a dual ransomware strategy: encrypting the system and threatening victims to leak sensitive data if they do not make payment. In some cases, the organization may publicly name or leak data on its website to increase pressure.