EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems.
The incident took place on February 15 and was identified as an infection with the Ryuk ransomware strain.
Details of the attack and the aftermath are not public, but the message announcing the ransomware infection is still present on the company's website almost three weeks after the attack.
EMCOR said that not all of its systems were impacted and that only "certain IT systems" were affected, which it promptly shut down to contain the infection.
The company said it was restoring services, but did not specify if it paid the ransom demand or if it was restoring from backups.
No sign of data theft
EMCOR also said that a current review of the infection did not uncover any signs that "that employee or customer data has been taken in the attack."
EMCOR made this clarification because in recent weeks, several ransomware gangs have also begun stealing data from infected companies and threatening to release said data unless the victim pays the ransom demand.
Ryuk, however, is not one of them, as this behavior has been seen with ransomware groups such as REvil (Sodinokibi), Maze, Nemty, DoppelPaymer, and PwndLocker.
In its financial report for last year's fourth quarter (2019 Q4), EMCOR said it already adjusted the estimated 2020 figures to account for the downtime caused by the ransomware incident, but did not specify the estimated losses.
The EMCOR Group is comprised of more than 80 smaller companies operating in 170+ locations across the globe, with more than 33,000 employees. The company recorded a $9 billion revenue last year.
The EMCOR ransomware incident is just the latest in a long line of ransomware infections at some of the world's largest companies.