Ryuk ransomware attack forced industrial conglomerate EMCOR to shut down IT systems

The industrial giant claims that the Ryuk ransomware attack took place in mid-February

EMCOR, a US-based Fortune 500 industrial conglomerate, was forced to shut down some of its IT systems last month following a ransomware attack.

The incident took place on 15^th February, according to the company, and was identified as a Ryuk attack.

EMCOR said that the incident affected only a limited number of IT systems that were quickly shut down to prevent further infection to other systems.

"EMCOR recently determined that we were the target of a RYUK ransomware attack infecting certain of the Company's systems with malware," the company stated in a post on its website.

"As a precautionary measure, we promptly shut down certain IT systems to help contain the problem."

The company said that it was trying to fully restore its services, although it didn't give any details on whether it paid any ransom to hackers or was restoring systems through backups.

"We implemented business continuity plans to facilitate on-going operations and are restoring systems, where appropriate. While some of our systems are still coming back online, we are continuing to service our customers," it revealed.

EMCOR also said that it was taking help of a leading cyber security forensic firm to investigate the incident. It also adjusted the estimated 2020 figures in its financial report for the fourth quarter of 2019 to account for the downtime caused by the ransomware attack.

Ryuk ransomware attack against EMCOR is latest in the series of ransomware attacks against private firms in recent months.

In October 2019, cybercriminals used Ryuk ransomware to infect computers across three Alabama hospitals managed by DCH Health System. Following the incident, four patients at these hospitals filed a class action lawsuit against DCH, accusing it of being negligent about the cyber security issues.

Earlier in January 2019, production of a number of US newspapers belonging to the Tribune Group was adversely affected following a cyber attack involving Ryuk ransomware.

The National Cyber Security Centre also issued an alert in July 2019 to warn organisations about the Ryuk infection.

Earlier this year, cyber criminals demanded $3 million ransom from foreign currency exchange firm Travelex after encrypting its computer systems with Sodinokibi ransomware.