Ingram Micro responds to ransomware incident impacting internal systems

Techday NZ

08-07-2025

Ingram Micro has confirmed a ransomware attack targeting its internal systems, leading to operational disruption and an ongoing effort to restore affected services. The global technology distributor issued a statement acknowledging the incident and outlining steps taken to secure its environment and mitigate potential damage.
"Ingram Micro recently identified ransomware on certain of its internal systems," the company said in a statement issued on 5 July. "Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement."
The company is currently focused on restoring affected systems and minimising disruption to business operations. "Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologises for any disruption this issue is causing its customers, vendor partners, and others," the statement read.
Expert voices warn on supply chain risks
Industry experts have highlighted the growing risks associated with third-party access in the wake of the attack. Gareth Roberts, Head of Delivery at tmc3, a Qodea company, said: "It is crucial to remember that organisations are only as secure as their weakest link. Therefore, assessing the security practices of third-party suppliers and ensuring that data protection standards are being upheld is vital to a company's security posture."
Roberts underscored the importance of communication and transparency throughout the supply chain, noting that technical safeguards also play a key role in preventing such incidents. "To further protect information, businesses can implement specific technical measures such as strong encryption for data both in transit and at rest, which makes it unreadable to unauthorised users. Additionally, enforcing access controls and multi-factor authentication (MFA) helps ensure that sensitive data is only accessible to those who require it," he advised.
Alleged threat actor and industry context
The ransomware incident at Ingram Micro has reportedly been linked to a group known as SafePay, which allegedly accessed the company's systems via a compromised virtual private network (VPN). Jim Routh, Chief Trust Officer at Saviynt, commented: "The attack on Ingram Micro allegedly by SafePay is another example of the preference for threat actors to use compromised credentials to penetrate proprietary systems, in this case, gaining access to the virtual private network of Ingram Micro. Enterprises have an opportunity to improve their identity security capabilities to resist these types of attacks in the future."
Chris Hauk, Consumer Privacy Champion at Pixel Privacy, provided further context regarding the threat landscape. "With the toppling of LockBit and ALPHV, this has opened up 'opportunities' for upstart ransomware groups like SafePay. The group first gained fame with an early high-profile SafePay ransomware attack on UK telematics business Microlise, with SafePay claiming to have stolen 1.2 terabytes of data and demanding payment in less than 24 hours. However, little remains known about the group," Hauk noted.
Hauk added: "The reports I've seen indicate the group moves quickly, with fast encryption times, seeing attacks typically move from system breach to deployment in less than 24 hours."
He emphasised that organisations can protect against similar threats by implementing a series of robust security measures. "Organisations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication, monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access," Hauk said.
Ongoing investigation and mitigation efforts
Ingram Micro's statement did not specify the extent of the disruption or when full system restoration is expected. The company has engaged leading cybersecurity experts to support its investigation and has notified relevant law enforcement authorities. The company also apologised for any inconvenience experienced by its customers and partners as a result of the incident.
As the investigation continues, Ingram Micro's experience underscores the persistent threat posed by ransomware and highlights the critical importance of vigilance, secure access management, and strong supply chain security practices within the IT sector.