1,469 TB of Data Held Hostage: Embargo Group Targets American Associated Pharmacies
The American Associated Pharmacies (AAP), an organization representing over 2,000 independent pharmacies across the United States, has reportedly fallen victim to the Embargo cybercrime group. The hackers claim to have breached the company’s systems, exfiltrating and encrypting 1,469 TB of data, accompanied by a ransom demand.
As of now, AAP has neither confirmed the incident nor provided comments to the media regarding the alleged cyberattack. However, a notice on the company’s official website announced a forced reset of all user passwords. The statement specified that “passwords associated with APIRx.com and RxAAP.com have been reset, and prior credentials will no longer work.” Users are advised to use the password recovery function to set new credentials.
AAP also reported temporary disruptions to its subsidiary, API Warehouse, which specializes in the wholesale procurement of prescription drugs. The company assured that these issues have since been resolved.
The hackers allege that AAP has already paid $1.3 million for data decryption but must pay an equivalent amount to prevent the stolen information from being leaked. The group has set a deadline of November 20 for compliance. This tactic, known as double extortion, involves not only encrypting data to demand ransom but also threatening its public exposure.
Embargo is notorious for publishing personal details of corporate executives who impede ransom payments or prolong negotiations. In some instances, the group has also disclosed contact information for cybersecurity experts assisting affected companies.
Although Embargo is a relatively recent entrant to the cybercrime landscape, first identified in the summer, the group has already drawn the attention of more established criminal organizations, such as Storm-0501. Embargo employs sophisticated tools to disable security systems before deploying its primary malware, written in Rust.
Apart from the brief notification on its website, AAP has made no formal statements regarding the incident. Users seeking clarification through the company’s social media channels have also received no response.