12/53 degraded parser RaaS
42posts (all time)
1last 30 days
1last 7 days
23% avg uptime 30d
Activity · last 30 days last post
Parsing: enabled Known RaaS
Description
Embargo is a Ransomware-as-a-Service (RaaS) operation first observed in May 2024. It employs a double-extortion model, encrypting victim data while exfiltrating sensitive files for publication on a Tor-based leak site. Embargo uses a Rust-based payload that leverages AES-256 and RSA-4096 encryption, deletes volume shadow copies, and disables recovery features to prevent restoration. Its targeting appears opportunistic but has included sectors such as finance, manufacturing, and professional services across North America, Europe, and Asia. The ransomware’s customization options, negotiation portal, and leak infrastructure suggest a closed affiliate model with a focus on operational security.
External Analysis3
Ransom notes2
- HOW_TO_RECOVER_FILES_2.txt txt
- HOW_TO_RECOVER_FILES.txt txt




















