[BreachExchange] Ryuk Ransomware Attacks Fortune 500 Company Emcor

[Destry Winant]

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/ryuk-attacks-fortune-500-company-emcor/

Emcor, a Fortune 500 company that specializes in mechanical and
electrical construction services and industrial and energy
infrastructure, has experienced a Ryuk ransomware attack. At this
time, Emcor has not uncovered evidence that employee or customer data
was taken during the attack, the company said.

Emcor has shut down IT systems affected by the Ryuk attack and
implemented business continuity plans. In addition, several Emcor
systems are still coming back online following the cyberattack, the
company stated.

Meanwhile, Emcor has retained a cybersecurity forensics firm, and an
investigation into the Ryuk attack is ongoing. Emcor also is
continuing to serve its customers as it works to resolve the incident,
according to the company.

Emcor recorded revenue of nearly $9.2 billion last year. The company
operates more than 170 locations and manages over 33,000 employees
globally.

A Closer Look at Ryuk

Ryuk was discovered in August 2018. The ransomware enables a threat
actor to identify and attack an organization’s critical network
systems, and it often goes undetected for several days or months
following an initial infection.

Cybercriminals in October 2019 used Ryuk to infect computers across
three Alabama hospitals managed by DCH Health System. Four patients at
these hospitals in December filed a class action lawsuit against DCH
due to the Ryuk attack.

Furthermore, the National Cyber Security Centre (NCSC) issued a Ryuk
warning in July 2019. NCSC also continues to investigate various Ryuk
campaigns.