Ingram Micro confirms ransomware attack, internal systems affected and shut down

News
By published

Employees were told to work from home

security
(Image credit: Shutterstock / binarydesign)
  • Ingram Micro tells some employees to work from home as it tackles cyberattack
  • Unconfirmed reports claim the attack is the work of SafePay
  • No information about stolen data yet

Ingram Micro, a global distributor of information technology (IT) products and services, has confirmed it suffered a ransomware attack which forced it to shut down parts of its infrastructure, prevented it from operating properly, and sent some of its employees to work from home.

In a press release published on its website, the company said it recently identified ransomware on “certain of its internal systems.” As a result, it “proactively” took some systems offline, and implemented “other mitigation measures”. Third-party cybersecurity experts were also brought in to assist with the investigation, and the police were notified.

“Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the company apologizes for any disruption this issue is causing its customers, vendor partners, and others,” the press release concludes.

Get 55% off Incogni's Data Removal service with code TECHRADAR

Get 55% off Incogni's Data Removal service with code TECHRADAR

Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.

View Deal

Smuggling through

While Ingram Micro did not detail the attack, the culprits, or sensitive files potentially stolen in the attack, BleepingComputer reported that the incident was the work of SafePay, a relatively young ransomware operation that emerged between September and November, 2024.

This group engages in the usual double-extortion tactics (encryption + data theft), and claims to have breached more than 200 organizations across different industries such as manufacturing, healthcare, or education.

The publication also reports that SafePay’s hackers broke in through the company’s GlobalProtect VPN platform, and left ransom notes on employee devices. Some employees were sent to work from home and were allegedly told not to use the GlobalProtect VPN access.

Among the systems impacted by the breach is Ingram Micro’s AI-powered Xvantage distribution platform, and the Impulse license provisioning platform. Other internal services are operating as usual.

Ingram Micro is a giant in the IT products and services industry, servicing more than 160,000 customers globally, including giants such as Apple, HP, or Cisco.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.