Security Defenses Crippled by Embargo Ransomware

 

Embargo is a new ransomware gang that operates as ransomware-as-a-service (RaaS). According to a study by ESET researchers published Wednesday, the Embargo group is relatively young and undeveloped. It uses a custom Rust-based toolkit, with one variant using the Windows Safe Mode feature to disable security processes.
ESET researchers say that the Embargo ransomware group is developing custom Rust-based tools to defeat the cybersecurity defenses put in place by companies and governments.

The new toolkit was discovered in July 2024 during a ransomware attack on US companies. It is made up of a loader and an EDR killer, named MDeployer and MS4Killer respectively, which can also be accessed and downloaded online.

MS4Killer can be used in several ways. For instance, it can be compiled for each victim’s environment, targeting only specific security solutions.

Both tools appear to have been developed together, and there is some overlap in functionality between them.

Several of the group’s programs, including MDeployer, MS4Killer, and Embargo’s ransomware payload, are written in Rust, suggesting that it is the language the developers use most often.

The group's dark web leak site lists ten claimed victims, including a non-bank lender from Australia, a police department from South

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
