Latest news with #SafePay
Yahoo
5 days ago
- Business
- Yahoo
Ingram Micro Recovers Quickly From July 2025 Cyberattack
Ingram Micro Holding Corporation (NYSE:INGM) is one of the best new tech stocks with huge upside potential. On July 5, Ingram Micro Holding reported that the company experienced a significant cybersecurity incident over the July 4th holiday weekend in 2025. The company initially detected ransomware on certain internal systems, which prompted immediate action to secure the environment, such as proactively taking some systems offline and implementing other mitigation measures. A computer programmer working on a holographic digital twin technology software solution. Ingram launched an investigation with cybersecurity experts and notified law enforcement. The cyberattack was attributed to the SafePay ransomware group and reportedly began a day prior, on July 3. The company confirmed on July 8 that the incident was contained and remediated, and by late July 9, Ingram Micro had restored operations globally. Ingram Micro Holding Corporation (NYSE:INGM) distributes IT products, cloud, and other services in North America, Europe, the Middle East, Africa, the Asia-Pacific, Latin America, and internationally. While we acknowledge the potential of INGM as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the . READ NEXT: and . Disclosure: None. This article is originally published at Insider Monkey. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
08-07-2025
- Business
- Yahoo
Ingram Micro investigating ransomware attack
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. Ingram Micro said Saturday that it is investigating a ransomware attack after discovering suspicious activity on its internal network. The Irvine, Calif.-based technology firm said it proactively took certain systems offline, notified law enforcement and retained outside forensic experts to help with the investigation. The company said it is working diligently to restore normal operations following the attack, which has affected its ability to process and ship orders. The SafePay ransomware group has reportedly claimed credit for the attack. Researchers have seen an uptick in activity from SafePay since May, according to Jamie Levy, director of adversary tactics at Huntress. The hacker group, first discovered in October 2024, has breached targeted companies using internet-exposed Remote Desktop Protocol as well as targeted virtual private networks. SafePay has been among the most active of all ransomware gangs, with 18% of attacks being linked to the group, according to Matt Hull, global head of threat intelligence at NCC. The group has been active since at least November 2024 and is believed to be a rebrand of other top ransomware gangs, possibly including LockBit, AlphV or INC. NCC recently responded to an attack linked to SafePay that involved the hackers gaining initial access through a misconfigured firewall and bypassing multifactor authentication, according to a March report. The hackers also used ScreenConnect to gain persistence inside of a network, according to NCC. Ingram Micro has not disclosed any details about how the attackers gained access to its systems. The company also has not estimated the hack's financial impact. It reported net sales of $12.3 billion on non-GAAP earnings of $144 million, or 61 cents a share, during the fiscal first quarter. The company's latest forecast calls for net sales of $11.7 billion to $12.2 billion in the fiscal second quarter, on earnings between 53 cents to 63 cents a share.
Axios
08-07-2025
- Business
- Axios
Ransomware knocks global IT supplier offline
Ingram Micro, a leading tech supplier for manufacturers and cloud providers, says it's made "important progress" as it recovers from a ransomware attack. Why it matters: While not a household name, Ingram Micro works with thousands of companies, including major brands like Apple and Microsoft, to distribute hardware, software and other tech services. Outages could cause shipping delays, stall cloud services, and lead to further data breaches of customers' sensitive information. Driving the news: After days of outages, Ingram Micro shared details about the ransomware attack in a statement Saturday night. The global IT distributor said hackers had taken some of its internal systems offline, and the company proactively shut down some other systems to contain the attack. "Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologizes for any disruption this issue is causing its customers, vendor partners, and others," the company said in the statement. The company also said Monday that it has started taking online subscription orders again, and it can now process orders via phone and email from customers across the U.K., Europe, South America and southeast Asia. "Some limitations still exist with hardware and other technology orders, which will be clarified as orders are placed," the company added. Zoom in: Over the weekend, customers reported they were unable to place orders. The company's website went offline Thursday morning but came back online sometime yesterday. Customers have also complained on social media about emails to Ingram Micro account managers bouncing back, according to The Register. BleepingComputer reported that the hackers are using the relatively new SafePay ransomware strain, and employees opened their computers to ransom notes last week. The big picture: Hackers often target third-party, behind-the-scenes companies like Ingram Micro because of the ripple effects just one incident can have. Not only will a company like Ingram Micro go dark, but its customers will also face the effects for weeks as the company works to come back online. That cascading effect could make companies like Ingram Micro more willing to pay a ransom to decrypt their systems or prevent the publication of any stolen customer data. What to watch: Ingram Micro has yet to disclose how the hackers broke into its systems or which hacker group is behind the attack.
Techday NZ
08-07-2025
- Business
- Techday NZ
Ingram Micro responds to ransomware incident impacting internal systems
Ingram Micro has confirmed a ransomware attack targeting its internal systems, leading to operational disruption and an ongoing effort to restore affected services. The global technology distributor issued a statement acknowledging the incident and outlining steps taken to secure its environment and mitigate potential damage. "Ingram Micro recently identified ransomware on certain of its internal systems," the company said in a statement issued on 5 July. "Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement." The company is currently focused on restoring affected systems and minimising disruption to business operations. "Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologises for any disruption this issue is causing its customers, vendor partners, and others," the statement read. Expert voices warn on supply chain risks Industry experts have highlighted the growing risks associated with third-party access in the wake of the attack. Gareth Roberts, Head of Delivery at tmc3, a Qodea company, said: "It is crucial to remember that organisations are only as secure as their weakest link. Therefore, assessing the security practices of third-party suppliers and ensuring that data protection standards are being upheld is vital to a company's security posture." Roberts underscored the importance of communication and transparency throughout the supply chain, noting that technical safeguards also play a key role in preventing such incidents. "To further protect information, businesses can implement specific technical measures such as strong encryption for data both in transit and at rest, which makes it unreadable to unauthorised users. Additionally, enforcing access controls and multi-factor authentication (MFA) helps ensure that sensitive data is only accessible to those who require it," he advised. Alleged threat actor and industry context The ransomware incident at Ingram Micro has reportedly been linked to a group known as SafePay, which allegedly accessed the company's systems via a compromised virtual private network (VPN). Jim Routh, Chief Trust Officer at Saviynt, commented: "The attack on Ingram Micro allegedly by SafePay is another example of the preference for threat actors to use compromised credentials to penetrate proprietary systems, in this case, gaining access to the virtual private network of Ingram Micro. Enterprises have an opportunity to improve their identity security capabilities to resist these types of attacks in the future." Chris Hauk, Consumer Privacy Champion at Pixel Privacy, provided further context regarding the threat landscape. "With the toppling of LockBit and ALPHV, this has opened up 'opportunities' for upstart ransomware groups like SafePay. The group first gained fame with an early high-profile SafePay ransomware attack on UK telematics business Microlise, with SafePay claiming to have stolen 1.2 terabytes of data and demanding payment in less than 24 hours. However, little remains known about the group," Hauk noted. Hauk added: "The reports I've seen indicate the group moves quickly, with fast encryption times, seeing attacks typically move from system breach to deployment in less than 24 hours." He emphasised that organisations can protect against similar threats by implementing a series of robust security measures. "Organisations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication, monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access," Hauk said. Ongoing investigation and mitigation efforts Ingram Micro's statement did not specify the extent of the disruption or when full system restoration is expected. The company has engaged leading cybersecurity experts to support its investigation and has notified relevant law enforcement authorities. The company also apologised for any inconvenience experienced by its customers and partners as a result of the incident. As the investigation continues, Ingram Micro's experience underscores the persistent threat posed by ransomware and highlights the critical importance of vigilance, secure access management, and strong supply chain security practices within the IT sector.
Yahoo
07-07-2025
- Business
- Yahoo
Ingram Micro says ongoing outage caused by ransomware attack
Ingram Micro, a U.S. technology distributing giant and managed services provider, said on Monday a ransomware attack is the cause of an ongoing outage at the company. The hack began on Thursday, after which the company's website and much of its network went down. Late on Saturday, the company said in a brief statement that it was working to restore systems so it can begin processing orders again. Ingram Micro on Monday alerted shareholders to the breach before markets opened in the United States. California-based Ingram Micro is one of the world's largest technology distributors, shipping tech and hardware to companies around the globe. It is also a managed service provider for its customers' clouds, effectively acting as an outsourced IT department for smaller corporate customers. The outage is reportedly affecting software licensing, preventing Ingram Micro's customers from using or provisioning some products that rely on Ingram's systems. No major ransomware group has taken credit for the breach yet, but Bleeping Computer reports that the hack was caused by the SafePay ransomware gang. It's not uncommon for ransomware gangs to name hacked companies and publish portions of stolen data in an effort to extort victims into paying ransoms. Ingram Micro spokesperson Lisa Zwick did not immediately return a request for comment. Do you know more about the ransomware attack at Ingram Micro? Are you a corporate customer affected by the disruption? Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal. Sign in to access your portfolio
