Cyber Incident Victim: IPG Photonics Corporation
Date: Sep 2020
Location: United States of America
Summary
IPG Photonics, a prominent U.S. fiber laser developer for industrial and medical applications, experienced a ransomware attack attributed to the RansomExx group, a rebranded variant of Defray777. The incident caused significant operational disruptions. RansomExx had previously targeted entities like the Texas Department of Transportation and Konica Minolta, indicating a pattern of high-profile attacks.
Description
On September 21, 2020, IPG Photonics, a prominent U.S.-based developer of fiber lasers used in industrial cutting, welding, medical applications, and defense systems, experienced a ransomware attack that disrupted its business operations. The incident was attributed to the RansomExx ransomware operation, as confirmed by a partial ransom note observed during the attack. RansomExx, identified as a rebranded variant of the earlier Defray777 ransomware, had escalated its activity in mid-2020, with prior high-profile attacks including the Texas Department of Transportation (TxDOT) in June and Konica Minolta in August. The attack on IPG Photonics was reported by cybersecurity journalist Lawrence Abrams, who initially hesitated to document the incident but proceeded after verifying the ransomware operator’s involvement. The operational disruption underscored the attack’s severity, though specific technical details regarding compromised systems, data exfiltration, or encryption scope were not publicly disclosed in available sources.

The ransomware’s identification stemmed from forensic analysis of the ransom note, which aligned with RansomExx’s known tactics. This group typically employed double-extortion strategies (encrypting data while threatening to leak stolen information), though explicit confirmation of data theft in this case remained unverified. IPG Photonics’ status as a supplier of critical laser technologies, including components for directed-energy military systems, highlighted potential supply chain risks, though no evidence suggested that the attackers targeted specific intellectual property or defense contracts. BleepingComputer served as the primary public source for incident details, with cybersecurity researcher @Chum1ng0 providing additional context. No official statements from IPG Photonics regarding incident response timelines, ransom payment decisions, or restoration efforts were cited in the reporting period. The event exemplified RansomExx’s continued targeting of high-value industrial and governmental entities during its 2020 campaign.
