FlagThis - #cyberattack

Ingram Micro, a global IT distributor, has confirmed it was hit by a SafePay ransomware attack, causing a significant outage affecting its websites and internal systems. The attack, which began on July 3, 2025, has disrupted order processing and shipments, impacting customers, vendor partners, and others who rely on the company's services. Ingram Micro, one of the world's largest technology distributors with approximately 24,000 employees and $48 billion in revenue in 2024, is working diligently to restore affected systems.

The company's initial response involved proactively taking certain systems offline and implementing other mitigation measures to secure the environment. Leading cybersecurity experts were engaged to assist with the investigation, and law enforcement was notified. Ingram Micro said that internal alerts, investigation protocols, and communications with key clients and stakeholders were immediately initiated, a statement was released to explain the suspected vulnerabilities exploited by the ransomware.

Sources indicate that the SafePay ransomware group gained access through Ingram Micro's GlobalProtect VPN platform. The attack has impacted various systems, including the company's AI-powered Xvantage distribution platform and the Impulse license provisioning platform, leading to shipment backlogs and licensing interruptions across platforms such as Microsoft 365 and Dropbox. While it remains unclear if data was encrypted, the ransomware note claimed to have stolen various types of information. As a result, Ingram Micro's customers may experience delays as the company focuses on restoring its systems.


References :

• bsky.app: BleepingComputer reports on Ingram Micro experiencing a global outage impacting websites and internal systems.
• Talkback Resources: BleepingComputer reports that an ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack.
• Rescana: Ingram Micro Legacy Systems Outage: How the SafePay Ransomware Attack Disrupted Global Supply Chain Operations
• nerds.xyz: Ingram Micro admits ransomware attack disrupted its systems and delayed shipments
• The Register - Security: Ingram Micro confirms ransomware behind multi-day outage
• Talkback Resources: Ingram Micro suffers global outage as internal systems inaccessible
• Talkback Resources: Ingram Micro confirms ransomware behind multi-day outage
• Blog: IT provider Ingram Micro hit by SafePay ransomware
• techcrunch.com: Ingram Micro says ongoing outage caused by ransomware attack
• Metacurity: IT giant Ingram Micro's systems shut down after SafePay ransomware attack
• www.cybersecuritydive.com: Ingram Micro investigating ransomware attack
• MicroScope: Ingram Micro hit by ransomware attack
• www.itpro.com: Everything we know about the Ingram Micro cyber attack so far
• www.metacurity.com: IT giant Ingram Micro's systems shut down after SafePay ransomware attack
• www.it-daily.net: Serious hacker attack: Ingram Micro confirms ransomware
• MicroScope: Ingram Micro ransomware attack contained and remediated
• The Register - Software: Ingram Micro restarts orders – for some – following ransomware attack
• Malware ? Graham Cluley: Ingram Micro confirms it has been hit by ransomware
• cyberpress.org: Ingram Micro Recovers Operations Following Disruptive Ransomware Attack
• www.cybersecuritydive.com: Ingram Micro restores global operations following hack

Classification:

• HashTags: #ransomware #cyberattack #ingrammicro
• Company: Ingram Micro
• Target: Ingram Micro
• Attacker: SafePay
• Product: internal systems
• Feature: Ransomware Attack
• Malware: SafePay
• Type: Ransomware
• Severity: Major