Embargo Ransomware Gang Claims to Hit Pharmacy Network

The Embargo ransomware gang claims it stole 1.469 terabytes of data from the American Associated Pharmacies (AAP), according to an article by Connor Jones in The Register. The upstart gang is also said to have scrambled the pharmacy network’s files and demanded payment to restore them.

AAP is a member-owned cooperative that manages vendor agreements for more than 2,000 independent and community pharmacies. As of mid-November, AAP had not confirmed the breach, but on its website it asks members to click on “forgot password” and then do a reset.

Jones notes that claims by ransomware criminals should be taken with “a pinch of salt,” but reports that Embargo brags on its website that AAP has forked over $1.3 million to have its data decrypted, and following the so-called double-extortion playbook, it wants an additional $1.3 million to prevent it from sharing the data further.

If these claims are true, Embargo’s demands far exceed the average demanded figure of $1.5 million, according to the FBI. The double-extortion strategy has already become “classic,” says Jones, but the Embargo gang apparently has also been an innovator in extortionist tactics. For example, it has assigned blame to specific individuals after deciding to leak a victim’s data.

In a number of cases, the gang has gone so far as to list the names, email addresses, and phone numbers of key figures in the organization whom it believes hindered the payment and negotiation process.

Today’s General Counsel wrote about an extortion gang targeting Change Healthcare earlier this year.