The event took place on 15 February and was reported to be a Ryuk ransomware strain outbreak. The details of the attack and the implications are not available, but the post about the ransomware intrusion persists on the website of the organization nearly three weeks after the incident. EMCOR stated that not all of its systems were infected and that only some IT systems, which is quickly shut down to contain the infection, were affected The organization said it was restoring the facilities but did not specify whether it charged the ransom demand or recovered the backups. EMCOR also said a recent evaluation of the attack did not show any signs “that employee or customer data were captured in an attempt.” EMCOR explained the reality that over the last few weeks, many ransomware groups have also begun stealing and threatened to release data from compromised businesses until victims are paid the ransom fee. Nevertheless, Ryuk is not one of them as ransomware communities such as REvil (Sodinokibi), Maze, Nemty, DoppelPaymer, and PwndLocker have been present with this behavior. EMCOR has already updated the projected estimates of 2020 for the disruption triggered by the ransomware attack in its fourth quarter of last year’s financial report (2019 Q4) but did not include the expected damages. The EMCOR Group consists of more than 80 smaller companies and over 33,000 staff in more than 170 locations worldwide. The business posted sales of $9 billion last year. The EMCOR ransomware attack is the latest in a long line of ransomware attacks in some of the biggest companies around the world. Over the past, significant casualties include EWA, DOD, Epiq Group, Railworks, Croatia’s biggest petrol station company, the Visser product maker, and French ISP, and Bretagne Télécom, a cloud operator.
