Emcor, a Fortune 500 company that specializes in mechanical and electrical construction services and industrial and energy infrastructure, has experienced a Ryuk ransomware attack. At this time, Emcor has not uncovered evidence that employee or customer data was taken during the attack, the company said.
Emcor has shut down IT systems affected by the Ryuk attack and implemented business continuity plans. In addition, several Emcor systems are still coming back online following the cyberattack, the company stated.
Meanwhile, Emcor has retained a cybersecurity forensics firm, and an investigation into the Ryuk attack is ongoing. Emcor also is continuing to serve its customers as it works to resolve the incident, according to the company.
Emcor recorded revenue of nearly $9.2 billion last year. The company operates more than 170 locations and manages over 33,000 employees globally.
A Closer Look at Ryuk
Ryuk was discovered in August 2018. The ransomware enables a threat actor to identify and attack an organization’s critical network systems, and it often goes undetected for several days or months following an initial infection.
In October 2019, cybercriminals used Ryuk to infect computers across three Alabama hospitals managed by DCH Health System. In December, four patients at these hospitals filed a class action lawsuit against DCH due to the Ryuk attack.
Furthermore, the National Cyber Security Centre (NCSC) issued a Ryuk warning in July 2019. NCSC also continues to investigate various Ryuk campaigns.