Embargo
Intelligence Profile
Embargo is a Rust-based ransomware-as-a-service group that emerged in April 2024. It primarily targets US healthcare, manufacturing, and business services organizations using double extortion. The group is assessed as a potential successor to BlackCat/ALPHV, with over $34 million in ransom proceeds.
Threat Analysis
Embargo is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like Embargo prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Known Campaigns
Embargo is conducting an active ransomware campaign targeting organizations across 3 countries. Primary targets: Hospitality and Tourism, Technology. 6 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 31 Mar 2026).