New Embargo Rust-Based Ransomware Threat for Cross-Platform Systems

Red | Attack Report

Embargo ransomware, first identified in mid-2024, operates under a ransomware-as-a-service (RaaS) model. Written in Rust, it targets both Windows and Linux systems. Its toolkit includes MDeployer, which deploys the ransomware and disables security defenses, and MS4Killer, which terminates security processes by using vulnerable drivers to gain kernel access. The group employs a double-extortion strategy, exfiltrating sensitive data in addition to encrypting it. With ongoing development and adaptability, Embargo poses a significant threat to organizations globally.
