Embargo Ransomware Threatens to Leak 1.5TB of Data from American Associated Pharmacies
Embargo Group Threatens to Leak 1.5TB of Pharmacy Data
Ransomware group Embargo threatens to release nearly 1.5 terabytes of data stolen from American Associated Pharmacies (AAP), which consists of 2,000 independent pharmacies. The group demands a second ransom payment after AAP paid $1.3 million for a decryptor key. Embargo claims that AAP still owes another $1.3 million for deleting the stolen data.
A countdown on Embargo’s dark web site warns that data will be published unless the ransom is paid by midweek. Embargo accuses AAP of disregarding the confidentiality of customer data, stating, “Clearly AAP only cares about their own systems.”
An attorney for AAP has not commented to the media on this incident. AAP, formed from a merger of two pharmacy cooperatives in 2009, stated on its website that some ordering services have been restored. However, it did not mention the cyberattack.
Mike Hamilton, a security expert at Lumifi Cyber, notes that the double extortion tactic used by Embargo highlights a surplus of stolen records available for sale on dark markets. Hamilton explained that victims are often pressured into paying ransoms due to the potential legal actions following data breaches.
Additional Attacks by Embargo
Embargo also threatens to leak data from another healthcare provider, Memorial Hospital and Manor, located in Georgia. The group revealed plans to release 1.15 terabytes of data stolen from this facility. Memorial Hospital did not respond to requests for comment.
Hamilton indicated that the extended ransom deadline for Memorial Hospital suggests ongoing negotiations regarding payment versus potential litigation costs. Insurance companies likely play a role in these discussions.
Embargo has attacked various sectors and regions, affecting organizations in the U.S., Australia, and Europe. Their victims include police departments, local governments, and various companies across multiple industries.
Researchers say Embargo emerged in spring 2024; the group claims to be international and without political motivations. Its wide range of targets includes multiple healthcare entities, marking it as a significant threat in this sector.
