EMCOR Group

EMCOR Group is a Fortune 500 corporation headquartered in the United States, operating as a global provider of construction and infrastructure services. The company delivers a broad portfolio of services across multiple markets, including mechanical and electrical construction, industrial services, and building infrastructure solutions. Its operational footprint extends worldwide through a network of over 80 subsidiaries, serving diverse clients in sectors such as commercial, industrial, institutional, and utility. This structure supports a significant global presence, enabling the execution of projects ranging from routine maintenance to complex, large-scale construction initiatives. The firm's scale is defined by approximately 33,000 employees and annual revenue of $9 billion, positioning it as a major entity within the engineering and construction industry. Its business model emphasizes integrated service delivery, leveraging subsidiary expertise to manage projects across various geographic regions and technical disciplines.

In February 2020, EMCOR experienced a significant cybersecurity incident when its IT systems were compromised by Ryuk ransomware. The attack prompted the company to immediately shut down certain systems as a containment measure, disrupting normal business operations. While the incident led to adjusted financial projections for the year, internal investigations concluded there was no evidence that employee or customer data was accessed or exfiltrated. The ransomware's behavior aligned with typical Ryuk patterns, focusing on encryption rather than data theft. EMCOR initiated system restoration efforts, though public details did not confirm whether a ransom was paid or the extent to which backups were utilized. This event highlighted the operational vulnerability of large, distributed corporations to targeted ransomware campaigns but also underscored the company's incident response protocols, which prioritized containment and recovery without reported data loss. The financial impact was managed through operational adjustments, and the company continued its global operations following the restoration of affected systems.