
Ingram Micro outage caused by SafePay ransomware attack


Update 7/6/25: Added Ingram Micro’s confirmation that it suffered a ransomware attack below. Also updated ransom note with a clearer version.

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

Ingram Micro is one of the world’s largest business-to-business technology distributors and service providers, offering a range of solutions including hardware, software, cloud services, logistics, and training to resellers and managed service providers worldwide.

Since Thursday, Ingram Micro’s website and online ordering systems have been down, with the company not disclosing the cause of the issues.

BleepingComputer has now learned that the outages are caused by a cyberattack that occurred early Thursday morning, with employees suddenly finding ransom notes created on their devices.

The ransom note, seen by BleepingComputer, is associated with the SafePay ransomware operation, which has become one of the more active operations in 2025. It’s unclear if devices were actually encrypted in the attack.

It should be noted that while the ransom note claims to have stolen a wide variety of information, this is generic language used in all SafePay ransom notes and may not be true for the Ingram Micro attack.

SafePay ransom note found on Ingram Micro devices
Source: BleepingComputer

Do you have information about this or another cyberattack? If you want to share the information, you can contact us securely and confidentially on Signal at LawrenceA.11, via email at lawrence.abrams@bleepingcomputer.com, or by using our tips form.

Sources have told BleepingComputer that it’s believed the threat actors breached Ingram Micro through its GlobalProtect VPN platform.

Once the attack was discovered, employees in some locations were told to work from home. The company also shut down internal systems, telling employees not to use the company’s GlobalProtect VPN access, which was said to be impacted by the IT outage.

Systems that are impacted in many locations include the company’s AI-powered Xvantage distribution platform and the Impulse license provisioning platform. However, BleepingComputer was told that other internal services, such as Microsoft 365, Teams, and SharePoint, continue to operate as usual.

As of yesterday, Ingram Micro has not disclosed the attack publicly or to its employees, only stating there are ongoing IT issues, as indicated by company-wide advisories shared with BleepingComputer.

The SafePay ransomware gang is a relatively new operation that was first seen in November 2024, accumulating over 220 victims since then.

The ransomware operation has been previously observed breaching corporate networks through VPN gateways using compromised credentials and password spray attacks.

BleepingComputer contacted Ingram Micro yesterday and today about the outages and ransomware attack, but did not receive a response to our emails.

Update 7/6/25: In a brief Sunday morning announcement, Ingram Micro has confirmed that they suffered a ransomware attack.

“Ingram Micro recently identified ransomware on certain of its internal systems,” reads Ingram Micro’s statement.

“Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”

“Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologizes for any disruption this issue is causing its customers, vendor partners, and others.”
