embargo

9 incidents | 3 countries | 4 sectors | ransomware | RU | Latest: 2026-06-25
Embargo is a cybercriminal group operating under a Ransomware-as-a-Service (RaaS) model, first observed in June 2024. The group provides affiliates with the necessary tools and infrastructure to conduct attacks, retaining control over core operations like payment negotiations. Embargo is suspected with moderate confidence to be of Russian origin and its primary motivation is financial gain, though some incidents have incorporated politically charged messages. The group is distinguished by its use of the Rust programming language for its custom malware and its aggressive double extortion tactics, which involve encrypting victim data while also exfiltrating sensitive information to pressure victims into paying, often threatening to leak data on dedicated sites. Embargo is assessed by some as a possible rebranded or successor operation to BlackCat (ALPHV), sharing technical and behavioral similarities.
MITRE techniques
T1047, T1059, T1078, T1486

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 8
Unique TTPs: 1
Historical stolen data: 16.69 TB
Ransoms demanded: N/A
Payments detected: N/A

Observed TTPs

T1566 Phishing

Affected countries

United States (6), India (1), Hungary (1)

Target countries (SOCRadar)

United Arab Emirates, American Samoa, Australia, Belgium, Brazil, Canada, Germany, Eritrea, France, United Kingdom

Attacked sectors

Construction (2), Hospitality and Tourism (1), Technology (5), Healthcare (1)

Target sectors (SOCRadar)

Construction of Buildings; Credit Unions; Software Publishers; Hospitals; Accommodation; Air Transportation; Manufacturing; Construction; Electrical Equipment, Appliance, and Component Manufacturing; Public Administration

New URLs detected in IntelTracker

ransomware.anggipradana.com embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion

Victims (8)

Auburn Electrical Construction Company (9 Jun 2026)
Ransomware | United States | Construction
Summary: Auburn Electrical Construction Company was identified as a possible victim of a ransomware attack in the context of the embargo group. …
Ransomware Victim: Auburn Electrical Construction Company (embargo) (9 Jun 2026)
Ransomware | Construction
Auburn Electrical Construction Company. Ransomware victim reported on the embargo dashboard. Field: Value; Group: embargo; Country: US; Sector: Construction; F…
https://www.lagoonpark.com/ (31 Mar 2026)
Ransomware | United States | Hospitality and Tourism
Summary: A ransomware alert has been reported relating to the amusement park Lagoon Amusement Park, located in Farmington, Utah. The attack…
ludlums.com (26 Mar 2026)
Ransomware | United States | Technology
Summary: A ransomware alert has been detected relating to the domain ludlums.com, associated with the cybercriminal group "embargo". The company Ludlum …
westport.com (14 Mar 2026)
Ransomware | United States | Technology
Summary: A ransomware alert has been published relating to westport.com, a leading provider of alternative technologies for transportation at low…
seclore.com (11 Mar 2026)
Ransomware | India | Technology
Summary: seclore.com has been the target of a ransomware attack attributed to the embargo group, which has resulted in the exposure of 1.3 TB of data. The …
ubm.hu (11 Mar 2026)
Ransomware | Hungary | Technology
Summary: A ransomware alert has been reported relating to the company ubm.hu, belonging to the embargo group. The company, founded in 1996 and speciali…
nch.com (9 Mar 2026)
Ransomware | United States | Technology
Summary: nch.com has been identified as a victim of a ransomware attack attributed to the embargo group. According to available information, more than 7…