$34 million in crypto payments traced to Embargo ransomware group: report

A ransomware outfit known as Embargo has processed about $34.2 million in cryptocurrency since emerging in April 2024, with victims concentrated in the United States and spanning healthcare, business services, and manufacturing, blockchain intelligence firm TRM Labs said in a report.

TRM surmises Embargo is likely a rebrand or successor to the BlackCat/ALPHV ransomware operation, citing technical overlaps such as Rust-based malware, a similar leak-site design, and onchain links through shared wallet infrastructure.

The group’s known targets include American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho, where ransom demands reached as high as $1.3 million, TRM stated.

Where the money went

TRM traced ransom payments in crypto from victim pay addresses through intermediary wallets to high-risk exchanges, peer-to-peer marketplaces, mixing services, and a now-sanctioned platform, Cryptex.net.

Investigators identified hundreds of deposits totaling about $13.5 million into global virtual asset service providers and roughly 17 deposits totaling just over $1 million via Cryptex.net. Embargo appears to use mixers sparingly, as TRM flagged only two deposits into the Wasabi service. Meanwhile, about $18.8 million remains idle in unattributed addresses, a tactic investigators say cybercriminals use to disrupt tracing or await more favorable cash-out conditions.

The report adds that Embargo’s ransomware-as-a-service model and subdued branding have helped it scale while avoiding attention, and that the group may be experimenting with AI and machine learning to sharpen phishing lures and mutate malware.

The findings are a reminder that crypto payments and loosely regulated offshore exchanges still sometimes enable large-scale ransomware operations, even as enforcement pressure rises.

Last year, The Block reported that Dark Angels extracted a $75 million bitcoin payment in a single attack, the largest known ransomware ransom at the time. However, data also shows increased crypto exchange crackdowns and higher refusal-to-pay rates have decreased ransomware proceeds. Total ransomware extortion fell 35% in 2024 to $813 million, down from $1.25 billion the previous year, according to Chainalysis.

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

 
