Embargo ransomware gang has handled at least $34 million in about a year, report says therecord.media/embargo-r…

A cybercrime group that could be a successor to the BlackCat/Alphv ransomware operation is associated with about $34.2 million in cryptocurrency transactions since popping up in mid-2024, researchers said Friday.

Blockchain intelligence company TRM Labs said the Embargo ransomware gang appears to be “well resourced and technically capable,” and its activity over such a short span underscores “the group’s growing financial footprint in the ransomware ecosystem.”

Embargo started to draw scrutiny in late 2024, just a few months after BlackCat’s leaders appeared to conduct an exit scam on affiliates. Echoing other companies, TRM said the gang “may be a rebranded or successor operation to BlackCat (ALPHV) based on multiple technical and behavioral similarities,” including the infrastructure of its crypto wallets.

Like BlackCat, Embargo is a ransomware-as-a-service operation, providing affiliates with the tools they need to conduct attacks while taking a cut of any proceeds.