-
Back to menu
Prices
-
Back to menu
-
Back to menu
Indices -
Back to menu
Research
-
Back to menu
Events -
Back to menu
Sponsored
-
Back to menu
Videos -
Back to menu
-
Back to menu
-
Back to menu
Webinars
Select Language
By Shaurya Malwa|Edited by Parikshit Mishra
Updated Aug 11, 2025, 12:45 p.m. Published Aug 11, 2025, 12:32 p.m.
- Ransomware group Embargo has generated over $34 million since April 2024, potentially rebranding from the defunct BlackCat operation.
- The group targets U.S. sectors like healthcare and manufacturing, demanding ransoms as high as $1.3 million.
- Embargo uses double extortion tactics and may be leveraging AI to enhance phishing and reconnaissance efforts.
Ransomware group Embargo has pulled in at least $34.2 million in various tokens since its emergence in April 2024, according to TRM Labs.
The blockchain analytics firm says the ransomware group’s infrastructure and coding overlaps suggests it may be a likely rebranding of the defunct BlackCat (ALPHV) operation.
STORY CONTINUES BELOW
The group operates a ransomware-as-a-service model, providing affiliates with tooling while controlling the infrastructure and negotiations. U.S. healthcare, manufacturing, and business services have been primary targets as sectors where downtime is costly and ransom leverage is high.
Demands have reached $1.3 million, with victims including American Associated Pharmacies and multiple regional hospitals.
In its Monday report, TRM traced on-chain links between historical BlackCat wallets and addresses tied to Embargo victims, alongside off-chain similarities such as Rust-based ransomware builds and near-identical data leak sites. Affiliates appear to operate fluidly between campaigns, a common RaaS pattern.
Funds are typically moved through intermediary wallets into high-risk exchanges and sanctioned platforms like Cryptex.net, bypassing heavy reliance on mixers. Roughly $13 million has reached global VASPs, while $18.8 million sits idle in unattributed wallets — likely to slow detection and await more favorable movement conditions.
Embargo employs double extortion, combining file encryption with data theft and public leak threats. TRM believes the group may be experimenting with AI to scale phishing campaigns, mutate payloads, and speed reconnaissance — tactics increasingly common among ransomware operators.
The targeting bias toward U.S. healthcare mirrors a broader shift in ransomware strategy: hit services where operational disruption risks spill over into public safety, increasing the pressure to pay quickly.
If Embargo is indeed BlackCat under a new name, it would mark yet another high-profile ransomware pivot designed to preserve affiliate networks and payment channels while evading law enforcement focus, keeping crypto as the core rail for ransom settlement and laundering.
Read more: Ransomware Payments Fell 35% in 2024 as More Victims Refuse to Pay: Chainalysis
Shaurya is the Co-Leader of the CoinDesk tokens and data team in Asia with a focus on crypto derivatives, DeFi, market microstructure, and protocol analysis.
Shaurya holds over $1,000 in BTC, ETH, SOL, AVAX, SUSHI, CRV, NEAR, YFI, YFII, SHIB, DOGE, USDT, USDC, BNB, MANA, MLN, LINK, XMR, ALGO, VET, CAKE, AAVE, COMP, ROOK, TRX, SNX, RUNE, FTM, ZIL, KSM, ENJ, CKB, JOE, GHST, PERP, BTRFLY, OHM, BANANA, ROME, BURGER, SPIRIT, and ORCA.
He provides over $1,000 to liquidity pools on Compound, Curve, SushiSwap, PancakeSwap, BurgerSwap, Orca, AnySwap, SpiritSwap, Rook Protocol, Yearn Finance, Synthetix, Harvest, Redacted Cartel, OlympusDAO, Rome, Trader Joe, and SUN.
More For You
By Francisco Rodrigues, AI Boost|Edited by Stephen Alpher
36 minutes ago
The acquisition comes shortly after the firm closed a $500 million private placement led by 10X Capital and YZi Labs.
What to know:
- BNB Network Company, the treasury arm of CEA Industries, purchased 200,000 BNB tokens for $160 million, making it the largest corporate holder of BNB.
- The acquisition comes shortly after the firm closed a $500 million private placement led by 10X Capital and YZi Labs.
- David Namdar, Russell Read, and Saad Naja joined the company’s leadership, and 10X Capital’s Hans Thomas and Alexander Monje joined the board.
