{"group":"embargo","count":1,"rules":[{"rule_name":"embargo.yar","rule_text":"/*\nEmbargo ransomware (Rust-based)\n*/\n\nrule Embargo_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.embargo\"\n        description = \"Detects Embargo ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"Embargo\" ascii nocase\n        $s2 = \"EMBARGO\" ascii\n        $s3 = \"embargo.onion\" ascii nocase\n        $s4 = \"HOW-TO-RECOVER.txt\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"9a276c02ad3110f1d25ece6838247df1c4072ba4d064a8955277dcf31b5bad28","byte_size":488,"updated_at":"2026-06-24 05:16:01"}]}