Ryuk ransomware hits Fortune 500 company

EMCOR, a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems. The incident from 15th Feb 2020 was identified as Ryuk ransomware. Details of the attack and the aftermath are not yet public, but the message announcing the ransomware infection is still present on the company’s website almost three weeks after the attack. EMCOR said that not all of its systems were impacted and that only “certain IT systems” were affected, which it promptly shut down to contain the infection. The company said it was restoring services, but did not specify if it paid the ransom demand or if it was restoring from backups.

EXPERTS COMMENTS
Paul Edon, Senior Director (EMEA), Tripwire
March 06, 2020
Ransomware, or any malware, can’t just magically appear on your systems. It needs some kind of mechanism for deployment, usually an unpatched vulnerability, misconfiguration or successful phishing. Building a solid foundation is the best place to start for an effective defence. That means putting in place and managing secure configurations for the assets in your environment. In order for this co ....
Martin Jartelius, CSO, Outpost24
March 06, 2020
This is an example of what looks to be a better security practice than what we have seen from similar cases recently. The infection, while gaining a foothold, failed to hit the entire digital estate, meaning a single set of credentials or access did not grant the attackers a global reach. This shows once again that in-depth defense actually pays off when things go wrong. ....
Sam Curry, Chief Security Officer, Cybereason
March 06, 2020
Proactively approach security by performing hunts and searching for suspicious behaviour before an incident starts.
The rubber hits the Wall Street road when Fortune 500 companies start readjusting earnings due to cyber attacks, as there is nothing that will get the attention of board members and investors more than an assault on revenues. EMCOR is not your average mom and pop company that crime groups are focusing on more and more. This is a Fortune 500 enterprise with more than 30,000 employees, $10 billion i ....
Jonathan Knudsen, Senior Security Strategist, Synopsys
March 06, 2020
If you fall victim to a ransomware attack, you must have a plan ready to execute.
Ransomware continues to be a popular tool for cybercriminals. The diabolical simplicity of ransomware is that the attacker first locks up information, then sells it back to the one organisation where it has the most value--the victim. Several defences reduce the risk of a ransomware attack: Security education can help users be savvy about the dangers of phishing and other common attacks. If ....
Andre Gironda, VP, Cerberus Sentinel
March 06, 2020
When Ryuk and DoppelPaymer have both broken loose, Nemty, REvil, or GandCrab could be hiding their tracks in that same environment.
Ransomware operations are thorough, complete, and usually totally devastating. The operators of Ryuk in particular are relentless and efficient. They don't have to change tactics very often. Some threat communities have figured out the formula to monetize their operations and some are still testing out the waters. Yet the threat communities share. Where you see Emotet, you will see TrickBot, and t ....
Javvad Malik, Security Awareness Advocate, KnowBe4
March 06, 2020
Therefore, this becomes an even more important case of prevention being far better than cure.
Details around the actual impact of the ransomware and affected systems are scarce, but it is important to note that the adjustment of Q4 earning numbers as a result of the attack should not be underestimated. For many organisations across industries such as manufacturing, there isn't usually a viable backup procedure to fall back on if IT systems are taken offline. This is why the impact on such o ....
Erich Kron, Security Awareness Advocate, KnowBe4
March 06, 2020
The top preventative measures include network segmentation to control the spread of the infection.
This attack demonstrates that regardless of the size of your organization, ransomware can still be a significant problem. It would appear that the event was contained quickly in this case and the organization appears to have done a good job with communication, especially in light of the newer strains of ransomware exfiltrating data. Ransomware infections are no longer rare events with infections ....
Javvad Malik, Security Awareness Advocate, KnowBe4
March 06, 2020
This prevention can be helped by a multi-layered approach which includes patching vulnerable public-facing systems.
Details around the actual impact of the ransomware and affected systems are scarce, but it is important to note that the adjustment of Q4 earning numbers as a result of the attack should not be underestimated. For many organisations across industries such as manufacturing, there isn't usually a viable backup procedure to fall back on if IT systems are taken offline. This is why the impact on such ....
Felix Rosbach, Product Manager, comforte AG
March 06, 2020
The costs and resources needed to do a complete rollback after a successful ransomware attack.
While a lot of companies are aware of ransomware and develop strategies to prevent attacks and recover quickly, it still is a very effective attack. Even with having a sophisticated backup strategy in place, the costs and resources needed to do a complete rollback after a successful ransomware attack can be higher than paying the ransom. Even if sending payments to attackers is never a good idea, ....
