Embargo is a relatively new ransomware group that emerged in mid-2024, quickly gaining notoriety for its sophisticated
tactics and custom tools. Operating under a Ransomware-as-a-Service (RaaS) model, Embargo leverages Rust-based
malware to attack both Windows and Linux systems. The group’s hallmark is a defence-evasion toolkit that disables security
protections on victim machines, ensuring their ransomware can encrypt files without interference. Like many modern
groups, Embargo employs double extortion (stealing sensitive data before encryption) to pressure victims into paying
under threat of public leaks. Despite being a newcomer, Embargo is already considered a significant global threat, having
targeted organisations across sectors and caused serious disruptions.
