
Ingram Micro hit by SafePay ransomware, causing major outage

Summary

– Ingram Micro suffered a ransomware attack by the SafePay operation, leading to system shutdowns and internal disruptions.
– The attack began early Thursday, with employees discovering ransom notes on their devices, though it’s unclear if data was encrypted.
– SafePay, active since November 2024, likely breached Ingram Micro via its GlobalProtect VPN using compromised credentials.
– Ingram Micro initially kept the attack private, only acknowledging “ongoing IT issues” before confirming the ransomware incident on Sunday.
– The company is working to restore affected systems, including its Xvantage and Impulse platforms, while services like Microsoft 365 remain operational.

Ingram Micro, a global leader in IT distribution, has confirmed a ransomware attack by the SafePay group that forced the company to take critical systems offline. The incident began last Thursday, disrupting online services and internal operations across multiple locations. While the full impact remains unclear, the attack has significantly affected the company’s ability to process orders and deliver services to its extensive network of resellers and partners.

Employees first noticed the breach when ransom notes appeared on their devices, signaling a widespread compromise. The SafePay ransomware gang, active since late 2024, is suspected of gaining access through Ingram Micro’s GlobalProtect VPN platform. Though the ransom note claims extensive data theft, experts caution that such language is often boilerplate and may not reflect actual exfiltration.

In response, the company instructed some staff to work remotely while shutting down compromised systems, including its AI-driven Xvantage distribution platform and Impulse licensing tool. However, core services like Microsoft 365 and Teams remained operational. Despite the disruption, Ingram Micro initially communicated only generic IT issues to employees, avoiding public acknowledgment until Sunday.

SafePay has rapidly emerged as a significant threat, targeting corporate networks via VPN vulnerabilities and credential-based attacks. With over 220 victims in less than a year, the group’s tactics highlight the growing risks facing enterprise IT infrastructure.

Ingram Micro has since engaged cybersecurity experts and law enforcement to investigate the breach. Restoration efforts are underway, though the company has yet to provide a timeline for full recovery. Customers and partners have been advised to expect delays as systems gradually come back online.

The situation underscores the critical need for robust VPN security and proactive threat monitoring in today’s digital supply chains.

(Source: Bleeping Computer)
