Embargo
S1247 · ESXi, Linux, Windows
Embargo is a ransomware variant written in Rust that has been active since at least May 2024. Embargo ransomware operations are associated with “double extortion” activity, in which data is exfiltrated from victim environments before encryption and the operators threaten to publish the files if the ransom is not paid. Embargo ransomware has been delivered through a loader known as MDeployer, which also makes use of a malware component known as MS4Killer to terminate processes running on victim hosts.
Embargo is also reportedly offered as Ransomware as a Service (RaaS).
ATT&CK S1247