Threat Watch

IPG Photonics Hit with Ransomware

IPG Photonics Corp. was recently hit with a ransomware attack that shut down its IT systems worldwide, as first reported by Bleeping Computer on Friday. The ransomware used in this attack is known as RansomExx or Ransom X. The RansomExx variant was first discovered in July 2020 and is believed to be a newer version of the Defray 777 ransomware. The ransom note included instructions for the victim to send a small encrypted file, which would be decrypted as proof that the threat actors would deliver on their end of the promise once the ransom was paid. The ransom note also demands that no law enforcement be contacted. That demand poses a challenge: the company develops not only fiber lasers for cutting, welding and medical use but also laser weapons for the US Department of Defense, so the attack could have national security implications. It is currently unknown who is behind the attack. Some believe it could be a Russian state-sponsored attack, but this attack seems to be financially motivated.

ANALYST NOTES

While it is unknown how the ransomware made its way into the company, it is important to remind users never to open attachments or follow links in email messages if the sender is unknown. Combining anti-virus software with Endpoint Detection and Response (EDR) tools can help prevent or quickly stop intrusions before damage is done. A monitoring plan that allows defenders to respond to threats 24 hours a day, seven days a week is also very important and should be considered when deciding how to defend against ransomware. Solid detection capabilities and a quick response time allow businesses to get ahead of the infection and stop it before important files are compromised. At Binary Defense, our Security Operations Center (SOC) analysts monitor endpoints for signs of intrusions and respond appropriately as soon as any suspicious activity occurs.

Sources: https://siliconangle.com/2020/09/20/laser-developer-ipg-photonics-hit-ransomware-attack/
https://www.bleepingcomputer.com/news/security/leading-us-laser-developer-ipg-photonics-hit-with-ransomware/