Embargo ransomware, first identified in mid-2024, operates under a ransomware-as-a-service (RaaS) model and uses the Rust programming language to target both Windows and Linux systems. Its toolkit includes MDeployer, which deploys the ransomware and disables security defenses, and MS4Killer, which terminates security processes by using vulnerable drivers to gain kernel access. The group employs a double-extortion strategy, exfiltrating sensitive data in addition to encrypting it. With its ongoing development and adaptability, Embargo poses a significant threat to organizations globally.