Embargo Ransomware Group Claims Attack on American Associated Pharmacies
The Embargo ransomware group has claimed another healthcare victim, the Scottsboro, AL-based pharmacy chain American Associated Pharmacies. The attack follows ransomware attacks on Memorial Hospital and Manor, an 80-bed community hospital and 107-bed long-term care facility in Georgia, and Weiser Memorial Hospital, a critical access hospital in Idaho.
Embargo is a relatively new ransomware group that emerged in June 2024. According to an analysis by the cybersecurity firm ESET, Embargo is a well-resourced ransomware-as-a-service (RaaS) group that engages in double extortion: it steals data before encrypting files, then demands a ransom payment both for decryption and to prevent the release of the stolen data. Embargo provides its affiliates with an encryptor and an endpoint detection and response (EDR) killer, which is tailored to each victim’s environment to kill specific security solutions. ESET says the group’s tools are under active development and believes Embargo is building its brand and establishing itself as a prominent ransomware operator.
Embargo recently added American Associated Pharmacies to its data leak site and claimed to have stolen almost 1.5 TB of data in the attack before encrypting files. Embargo claimed on its website that the pharmacy chain paid a ransom of $1.3 million for the keys to decrypt its systems. The group is holding out for a further payment of $1.3 million to prevent the publication of the stolen data. That would make the total demand almost twice the current average ransom payment.
American Associated Pharmacies has not publicly confirmed the attack, although its website states that limited ordering capabilities for API Warehouse have been restored at APIRx.com and that all passwords associated with accounts at APIRx.com and RxAAP.com have been reset. Given Embargo’s claims, it would appear that those actions were taken in response to the attack.
The attack on Memorial Hospital and Manor occurred on November 1, 2024, and affected its email system and electronic medical records. The hospital announced in a now-removed post on Facebook that it was dealing with a ransomware attack, although the group behind the attack was not named. Embargo claimed on its data leak site that 1.15 TB of data was stolen in the attack and would soon be published. Embargo also claimed responsibility for an attack on Weiser Memorial Hospital in Idaho, which allegedly involved the theft of around 200 GB of data, all of which has been leaked online. The investigations of these two attacks are ongoing and it has yet to be confirmed how much patient data was stolen by Embargo.


