{"id":48200,"date":"2025-08-11T09:20:22","date_gmt":"2025-08-11T09:20:22","guid":{"rendered":"https:\/\/crypto-globe.com\/?p=48200"},"modified":"2025-08-11T10:55:40","modified_gmt":"2025-08-11T10:55:40","slug":"the-embargo-hacker-group-stole-more-than-34-million-in-crypto-assets","status":"publish","type":"post","link":"https:\/\/crypto-globe.com\/en\/the-embargo-hacker-group-stole-more-than-34-million-in-crypto-assets\/","title":{"rendered":"The Embargo hacker group stole more than $34 million in crypto assets."},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>The Embargo cyberattack group forced American companies to pay approximately $34.2 million in cryptocurrencies. It operates on a RaaS* model and primarily targets companies in the healthcare, business services and manufacturing sectors. In addition to financial gain, the hackers are likely pursuing political goals, as evidenced by their involvement in similar incidents.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">*&nbsp;<strong>RaaS<\/strong>&nbsp;stands for&nbsp;<em>Ransomware-as-a-Service<\/em>&nbsp;\u2013 a cybercrime model in which the creators of malicious software (ransomware)&nbsp;<strong>offer their tool to other attackers<\/strong>&nbsp;in a similar way to how legal software companies provide software as a service.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Article content:<\/h2>\n\n\n<div class=\"wp-block-aioseo-table-of-contents\"><ul><li><a class=\"aioseo-toc-item\" href=\"#aioseo-who-are-the-victims-and-what-are-the-embargo-groups-revenues\">Who are the victims and what are the Embargo group&#039;s revenues?<\/a><ul><\/ul><\/li><li><a class=\"aioseo-toc-item\" href=\"#aioseo-what-does-an-attack-look-like-in-a-nutshell-a-few-points-to-watch-out-for\">What does an \u2018attack\u2019 look like in a nutshell \u2013 a few points to watch out for.<\/a><\/li><li><a class=\"aioseo-toc-item\" href=\"#aioseo-how-to-protect-your-business-from-embargo-ransomware\">How to protect 
your business from Embargo ransomware<\/a><\/li><\/ul><\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"aioseo-who-are-the-victims-and-what-are-the-embargo-groups-revenues\">Who are the victims and what are the Embargo group&#8217;s revenues?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Since April 2024, the Embargo cyberattack group, which operates under the RaaS model, has obtained approximately $34.2 million in cryptocurrency from its victims.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These included American Associated Pharmacies, <a href=\"https:\/\/www.mh-m.org\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Memorial Hospital and Manor<\/a>, and Weiser Memorial Hospital. Some ransom payments reached as much as $1.3 million.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Analysts believe that Embargo may be a rebranding or successor to the well-known BlackCat (ALPHV) group. The suspicions are based on technical similarities: the use of the Rust programming language, a similar website design for data leaks, and identical cryptocurrency wallet addresses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The group provides tools to affiliated hackers in exchange for a share of the ransom, while retaining control over key operations \u2013 infrastructure and negotiations with victims. 
It avoids the aggressive publicity typical of other groups, which helps it stay out of the spotlight of law enforcement agencies for longer.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"640\" src=\"http:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-1024x640.jpeg\" alt=\"cyber\" class=\"wp-image-48191\" srcset=\"https:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-1024x640.jpeg 1024w, https:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-300x188.jpeg 300w, https:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-768x480.jpeg 768w, https:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-1536x960.jpeg 1536w, https:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-150x94.jpeg 150w, https:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-696x435.jpeg 696w, https:\/\/crypto-globe.com\/wp-content\/uploads\/2025\/08\/AdobeStock_684787983-1-1068x668.jpeg 1068w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"aioseo-what-does-an-attack-look-like-in-a-nutshell-a-few-points-to-watch-out-for\">What does an \u2018attack\u2019 look like in a nutshell \u2013 a few points to watch out for.<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Embargo&#8217;s main targets are companies in the healthcare, business services and manufacturing sectors, particularly in the US, where organisations are usually able to pay higher ransoms.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Hackers gain access to networks through unpatched vulnerabilities, phishing or infected websites. They then disable security systems and delete backup copies before encrypting the data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, the Embargo group uses a \u2018double extortion\u2019 tactic \u2013 not only does it encrypt data, but it also steals confidential information and threatens to publish or sell it on the darknet. In some cases, the attackers even publish the names of specific individuals to increase the pressure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The ransom money goes through intermediary wallets, high-risk exchanges, and even sanctioned platforms. Approximately $18.8 million is currently \u2018frozen\u2019 at unknown addresses, likely to make tracking more difficult.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cybersecurity experts believe that Embargo may be using artificial intelligence (AI) and machine learning to spread attacks, create realistic phishing messages, automatically modify malicious software, and speed up operations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, the same technologies are also used by companies for defence \u2013 from detecting unusual activity to automatically blocking suspicious processes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"aioseo-how-to-protect-your-business-from-embargo-ransomware\">How to protect your business from Embargo ransomware<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Protecting your organisation from sophisticated ransomware groups such as Embargo requires a proactive, multi-layered approach. One of the most important steps is to keep all systems and software up to date and install security patches as soon as they are released. Many known breaches occur precisely because of unpatched vulnerabilities. 
Strengthening email security is equally important, as phishing remains a common entry point \u2013 use advanced filtering tools, sandbox attachments, and continuously train employees to recognise malicious emails.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another pillar of protection is access control: enable multi-factor authentication for all accounts, especially administrative ones, and adhere to the principle of least privilege to limit damage in the event of an account compromise. Network segmentation, where critical systems are isolated, can prevent ransomware from spreading freely.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Reliable offline backups are also essential \u2013 store them in a secure, immutable format and test recovery regularly. Finally, invest in monitoring tools such as Endpoint Detection &amp; Response (EDR) to detect unusual activity in a timely manner. Complement these steps with a well-thought-out incident response plan to minimise business disruption and financial losses in the event of an attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Embargo represents a new generation of highly effective ransomware operations \u2013 technically advanced, stealthy and financially very efficient. Its constantly evolving toolset and silent infrastructure make it a particularly dangerous cyber threat to the entire world.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Embargo cyberattack group forced American companies to pay approximately $34.2 million in cryptocurrencies. It operates on a RaaS* model and primarily targets companies in the healthcare, business services and manufacturing sectors. 
In addition to financial gain, the hackers are likely pursuing political goals, as evidenced by their involvement in similar incidents. *&nbsp;RaaS&nbsp;stands for&nbsp;Ransomware-as-a-Service&nbsp;\u2013 a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":48174,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"yasr_overall_rating":0,"yasr_post_is_review":"","yasr_auto_insert_disabled":"","yasr_review_type":"","footnotes":""},"categories":[162],"tags":[99,93,111],"class_list":["post-48200","post","type-post","status-publish","format-standard","has-post-thumbnail","category-crypto","tag-bitcoin-en","tag-cryptocurrencies","tag-fraud"],"aioseo_notices":[],"yasr_visitor_votes":{"stars_attributes":{"read_only":false,"span_bottom":false},"number_of_votes":0,"sum_votes":0},"aioseo_meta":{"seo_title":"Embargo stole 34M USD in crypto #separator_sa #site_title","meta_description":"Embargo forced US companies to pay over $34M in crypto. 
They target healthcare, services, and manufacturing, possibly with political motives too.","focus_keyword":""},"_links":{"self":[{"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/posts\/48200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/comments?post=48200"}],"version-history":[{"count":1,"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/posts\/48200\/revisions"}],"predecessor-version":[{"id":48203,"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/posts\/48200\/revisions\/48203"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/media\/48174"}],"wp:attachment":[{"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/media?parent=48200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/categories?post=48200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crypto-globe.com\/en\/wp-json\/wp\/v2\/tags?post=48200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}