A newly emerging ransomware group called Embargo has rapidly infiltrated the cybercrime landscape, accumulating over $34 million in cryptocurrency-linked ransom payments since April 2024. According to blockchain intelligence firm TRM Labs, the group operates under a ‘ransomware-as-a-service’ (RaaS) model targeting critical infrastructure across the United States, including hospitals and pharmaceutical networks. Victims have included American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho, with ransom demands reaching as high as $1.3 million.

Analysis suggests Embargo may be a rebranded version of BlackCat (ALPHV), another prolific ransomware outfit that vanished earlier this year amid a suspected exit scam. The two groups share notable similarities, from their use of the Rust programming language to nearly identical data leak sites and overlapping cryptocurrency wallet infrastructure.

Although $18.8 million of Embargo’s ransom earnings currently sits dormant in untouched wallets, potentially as an evasion tactic or for future laundering opportunities, over $13.5 million was traced through intermediaries, high-risk exchanges, and sanctioned platforms like Cryptex.net between May and August.

Embargo employs a double-extortion tactic: encrypting systems and threatening to leak stolen data if ransom payments are not made. In some cases, the group has publicly targeted individuals or leaked sensitive files to increase pressure on victims. The group focuses its efforts on U.S.-based healthcare, manufacturing, and business services, sectors known for their high capacity to pay.

The rise of ransomware groups like Embargo demonstrates that the threat remains substantial despite a recent decline in overall revenue.