Cyber Incident Victim: EVRAZ
Date: Mar 2020
Location: United States of America
Summary
A major steel manufacturing and mining company, owned by a prominent Russian billionaire, suffered a ransomware attack attributed to the Ryuk strain, disrupting its North American operations across multiple plants in the US and Canada. The incident forced manufacturing halts at most facilities while IT teams worked to contain the infection, impacting thousands of employees. The attack occurred amid financial challenges following a significant drop in annual revenues and profits disclosed shortly beforehand, aligning with a broader pattern of ransomware targeting large corporations globally.
Description
On March 5, 2020, EVRAZ, a global steel manufacturing and mining company owned by Russian oligarch Roman Abramovich, suffered a ransomware attack impacting its North American operations. The intrusion was attributed to the Ryuk ransomware strain, which disrupted steel production plants across the United States and Canada. Internal sources confirmed manufacturing halted at most facilities as IT teams worked to contain the infection and prevent lateral movement within corporate networks. The attack specifically targeted EVRAZ’s North American division, which employs approximately 1,400 personnel in the US and 1,800 in Canada. No operational details about European branches were disclosed, and attempts to contact those offices after business hours were unsuccessful. The company did not publicly confirm the incident’s scope or provide restoration timelines.

The ransomware incident compounded existing financial challenges for EVRAZ, which had recently disclosed a 7.3% year-over-year revenue decline to $11.91 billion and a 72% drop in pretax profit to $902 million in 2019. These figures contributed to a 7% share price decline in late February 2020, preceding the cyberattack. EVRAZ joined a list of prominent ransomware victims including EMCOR, Epiq Global, and Bretagne Télécom, though no threat actor claimed responsibility or specified ransom demands in this case. The company’s North American division declined to comment on operational impacts or recovery efforts. No additional technical specifics regarding attack vectors, data exfiltration, or network containment methodologies were disclosed by EVRAZ or corroborating sources.
