Ryuk Ransomware Attack Forced Fortune 500 Company EMCOR to Shutdown Down Some of its IT Systems

Ryuk ransomware attack

EMCOR Group (NYSE: EME), a Fortune 500 company based in the USA specializing in engineering and industrial construction services, announced a ransomware attack last month, which brought down some of its IT systems.

The event took place on 15 February and was reported to be a Ryuk ransomware strain outbreak.

The details of the attack and the implications are not available, but the post about the ransomware intrusion persists on the website of the organization nearly three weeks after the incident.

Credit: Emcor Group

EMCOR stated that not all of its systems were infected and that only some IT systems, which is quickly shut down to contain the infection, were affected

The organization said it was restoring the facilities but did not specify whether it charged the ransom demand or recovered the backups.

EMCOR also said a recent evaluation of the attack did not show any signs “that employee or customer data were captured in an attempt.” EMCOR explained the reality that over the last few weeks, many ransomware groups have also begun stealing and threatened to release data from compromised businesses until victims are paid the ransom fee.

Nevertheless, Ryuk is not one of them as ransomware communities such as REvil (Sodinokibi), Maze, Nemty, DoppelPaymer, and PwndLocker have been present with this behavior.

EMCOR has already updated the projected estimates of 2020 for the disruption triggered by the ransomware attack in its fourth quarter of last year’s financial report (2019 Q4) but did not include the expected damages.

The EMCOR Group consists of more than 80 smaller companies and over 33,000 staff in more than 170 locations worldwide. The business posted sales of $9 billion last year.

The EMCOR ransomware attack is the latest in a long line of ransomware attacks in some of the biggest companies around the world.

Over the past, significant casualties include EWA, DOD, Epiq Group, Railworks, Croatia’s biggest petrol station company, the Visser product maker, and French ISP, and Bretagne Télécom, a cloud operator.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.