{
	"id": "e1c2df0a-1a4d-4766-8cf3-4ba147e797df",
	"created_at": "2026-04-06T00:16:00.192361Z",
	"updated_at": "2026-04-10T03:20:22.330916Z",
	"deleted_at": null,
	"sha1_hash": "d804bdf851a9b1866e1c32adbdcdfc7ec345c364",
	"title": "Ryuk ransomware hits Fortune 500 company EMCOR",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1909046,
	"plain_text": "Ryuk ransomware hits Fortune 500 company EMCOR\r\nBy Written by Catalin Cimpanu, ContributorContributor March 4, 2020 at 7:25 p.m. PT\r\nArchived: 2026-04-05 16:55:50 UTC\r\nImage: Fiona Feng\r\nSpecial feature\r\nEMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial\r\nconstruction services, disclosed last month a ransomware incident that took down some of its IT systems.\r\nThe incident took place on February 15 and was identified as an infection with the Ryuk ransomware strain.\r\nDetails of the attack and the aftermath are not public, but the message announcing the ransomware infection is still\r\npresent on the company's website almost three weeks after the attack.\r\nEMCOR said that not all of its systems were impacted and that only \"certain IT systems\" were affected, which it\r\npromptly shut down to contain the infection.\r\nThe company said it was restoring services, but did not specify if it paid the ransom demand or if it was restoring\r\nfrom backups.\r\nNo sign of data theft\r\nEMCOR also said that a current review of the infection did not uncover any signs that \"that employee or customer\r\ndata has been taken in the attack.\"\r\nEMCOR made this clarification because in recent weeks, several ransomware gangs have also begun stealing data\r\nfrom infected companies and threatening to release said data unless the victim pays the ransom demand.\r\nhttps://www.zdnet.com/article/ryuk-ransomware-hits-fortune-500-company-emcor/\r\nPage 1 of 2\n\nRyuk, however, is not one of them, as this behavior has been seen with ransomware groups such as REvil\r\n(Sodinokibi), Maze, Nemty, DoppelPaymer, and PwndLocker.\r\nIn its financial report for last year's fourth quarter (2019 Q4), EMCOR said it already adjusted the estimated 2020\r\nfigures to account for the downtime caused by the ransomware incident, but did not specify the estimated losses.\r\nThe EMCOR Group is comprised of more than 80 smaller companies operating in 170+ locations across the\r\nglobe, with more than 33,000 employees. The company recorded a $9 billion revenue last year.\r\nThe EMCOR ransomware incident is just the latest in a long line of ransomware infections at some of the world's\r\nlargest companies.\r\nPast notable victims include DOD contractor EWA, law firm Epiq Global, North America railroad company\r\nRailworks, Croatia's largest petrol station chain INA Group, parts manufacturer Visser, and French ISP and cloud\r\nprovider Bretagne Télécom.\r\nThe Mac malware most likely to attack your PC this year\r\nSecurity\r\nEditorial standards\r\nSource: https://www.zdnet.com/article/ryuk-ransomware-hits-fortune-500-company-emcor/\r\nhttps://www.zdnet.com/article/ryuk-ransomware-hits-fortune-500-company-emcor/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/ryuk-ransomware-hits-fortune-500-company-emcor/"
	],
	"report_names": [
		"ryuk-ransomware-hits-fortune-500-company-emcor"
	],
	"threat_actors": [],
	"ts_created_at": 1775434560,
	"ts_updated_at": 1775791222,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d804bdf851a9b1866e1c32adbdcdfc7ec345c364.pdf",
		"text": "https://archive.orkl.eu/d804bdf851a9b1866e1c32adbdcdfc7ec345c364.txt",
		"img": "https://archive.orkl.eu/d804bdf851a9b1866e1c32adbdcdfc7ec345c364.jpg"
	}
}