Ingram Micro, one of the world’s largest technology distributors, has fallen victim to a ransomware attack that has forced the company to shut down critical internal systems. The attack, carried out by the cybercriminal group known as SafePay, has disrupted services that many businesses rely on for their technology supply chains.
How the Attack Unfolded
The attack came to light early Thursday morning when Ingram Micro employees discovered ransom notes on their computers demanding payment. According to investigators, the SafePay group exploited weaknesses in the company’s GlobalProtect VPN system to gain access to its internal networks. VPNs are designed to allow secure remote access to company systems, but in this case, they became an entry point for hackers.
The SafePay ransomware gang has been active since late 2024 and is known for targeting organizations worldwide by breaking through VPN gateways with stolen or weak passwords. Once inside, they encrypt data and demand ransom payments to restore access.
Impact on Ingram Micro’s Systems and Services
Ingram Micro was forced to take some of its critical platforms offline to prevent the spread of the ransomware. Among the affected systems are Xvantage, an AI-powered platform used for distribution management, and Impulse, a system that handles license provisioning.
Despite the disruption, services like Microsoft 365, Teams, and SharePoint remained operational, allowing some employees and partners to continue limited communication and work remotely.
Company’s Response and Ongoing Investigation
The company has taken swift action by disconnecting affected systems from the network and engaging cybersecurity experts to investigate the breach. Ingram Micro also notified law enforcement agencies to assist in tracking the attackers.
While the company has apologized for the disruption caused to its customers and partners, it has not yet disclosed how much data may have been compromised or if any ransom payment will be made. The restoration of services is underway, but no timeline has been provided for a full recovery.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Who Is SafePay and What’s Next?
The SafePay ransomware group has targeted more than 220 victims since November 2024, primarily using stolen credentials and password attacks to infiltrate corporate networks through VPNs. Their ransom notes often claim extensive data theft, though it is unclear how much information SafePay may have taken in the Ingram Micro case.
Experts warn that such ransomware attacks on major supply chain players can have ripple effects across the technology industry, impacting customers, partners, and vendors worldwide.
Ingram Micro continues to work diligently to restore normal operations and strengthen its security measures to prevent future attacks.