An ongoing outage at IT large Ingram Micro is brought on by a SafePay ransomware assault that led to the shutdown of inner techniques, BleepingComputer has realized.
Ingram Micro is among the world’s largest business-to-business know-how distributors and repair suppliers, providing a spread of options together with {hardware}, software program, cloud companies, logistics, and coaching to resellers and managed service suppliers worldwide.
Since Thursday, Ingram Micro’s web site and on-line ordering techniques have been down, with the corporate not disclosing the reason for the problems.
BleepingComputer has now realized that the outages are brought on by a cyberattack that occurred early Thursday morning, with workers abruptly discovering ransom notes created on their gadgets.
The ransom be aware, seen by BleepingComputer, is related to the SafePay ransomware operation, which has grow to be one of many extra energetic operations in 2025. It’s unclear if gadgets have been truly encrypted within the assault.
It must be famous that whereas the ransom be aware claims to have stolen all kinds of data, that is generic language utilized in all SafePay ransom notes and is probably not true for the Ingram Micro assault.
Supply: BleepingComputer
Do you could have details about this or one other cyberattack? If you wish to share the knowledge, you may contact us securely and confidentially on Sign at LawrenceA.11, through electronic mail at [email protected], or through the use of our suggestions kind.
Sources have instructed BleepingComputer that it’s believed the menace actors breached Ingram Micro via its GlobalProtect VPN platform.
As soon as the assault was found, workers in some areas have been instructed to earn a living from home. The corporate additionally shut down inner techniques, telling workers to not use the corporate’s GlobalProtect VPN entry, which was mentioned to be impacted by the IT outage.
Techniques which are impacted in lots of areas embrace the corporate’s AI-powered Xvantage distribution platform and the Impulse license provisioning platform. Nonetheless, BleepingComputer was instructed that different inner companies, reminiscent of Microsoft 365, Groups, and SharePoint, proceed to function as standard.
As of yesterday, Ingram Micro has not disclosed the assault publicly or to its workers, solely stating there are ongoing IT points, as indicated by company-wide advisories shared with BleepingComputer.
The SafePay ransomware gang is a comparatively new operation that was first seen in November 2024, accumulating over 220 victims since then.
The ransomware operation has been beforehand noticed breaching company networks via VPN gateways utilizing compromised credentials and password spray assaults.
BleepingComputer contacted Ingram Micro yesterday and at present in regards to the outages and ransomware assault, however didn’t obtain a response to our emails.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout hundreds of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
