IPG Photonics, an Oxford-Massachusetts-based developer of fiber lasers for cutting, welding, medical use, and laser weaponry suffered a ransomware attack that disrupted operations.

IPG Photonics has locations worldwide where they employ over 4,000 people and had a $1.3 billion revenue in 2019. The company’s lasers were used as part of the U.S. Navy’s Laser Weapon System (LaWS) installed on the USS Ponce. This system is an experimental defensive weapon against small threats and vehicles.

BleepingComputer ended up contacted by a source with knowledge of the attack who said a ransomware attack had disrupted its operations.

Due to the attack, IPG Photonics IT systems shutdown worldwide, affecting email, phones, and network connectivity in the offices.With these systems down, manufacturing parts and shipping have become unavailable.

A partial ransom note said the RansomExx ransomware operation conducted the attack.

RansomExx is a rebranded version of the Defray777 ransomware and has seen increased activity since June when they attacked the Texas Department of Transportation (TxDOT) and Konica Minolta in August.

Like other RansomExx ransom notes, the attackers tell the victim not to contact law enforcement as ransom payments could be blocked.

This same message was shown in the ransom note left behind during the Konica Minolta Ransomware attack.

The ransom note also claimed the attackers have stolen data from “TFS repositories and something else.”

Ransom EXX does not have a ransomware data leak site, and we are not aware of them releasing victim’s stolen data in the past.

IPG Photonics was not immediately available for comment.

“The ransomware attack against IPG Photonics highlights a concerning trend,” said Andrea Carcano, co-Founder of IT-OT security provider, Nozomi Networks. “Attackers are demanding higher ransoms, and targeting larger and more critical organizations. These threats should be a serious concern for security professionals responsible for keeping not only IT, but OT and IoT networks safe. In the manufacturing business, time is money, so the disruption of IT services as well as manufacturing downtime and shipment delays, translates to lost revenue.

“The proliferation and complexity of ransomware attacks signifies the growing need for organizations to take the necessary steps to secure their systems. It is never advisable to pay the ransom, and organizations that give in to the hackers’ demands are only fueling the profitability of the ransomware industry for attackers.

“We know from working with thousands of industrial installations that you can monitor and mitigate these risks, whether they stem from cybercriminals, nation-states or employees. It’s a daunting task, but not impossible. A robust cyber defense strategy is the best line of defense against a ransomware attack.”