Ingram Micro Recovering Systems Post-Ransomware Attack
▼ Summary
– Ingram Micro suffered a global outage due to a SafePay ransomware attack before the July 4th holiday, disrupting its website and ordering systems.
– The company confirmed the ransomware attack and has since begun restoring operations, including accepting orders via phone and email in multiple countries.
– Ingram Micro performed a company-wide password and MFA reset and is gradually restoring VPN access for employees.
– While many internal systems related to ordering and logistics have been restored, the recovery process is ongoing, with employees slowly returning to in-office work.
– It remains unclear if data was stolen, but SafePay is known for data theft, and further details may emerge if a ransom isn’t paid.
Ingram Micro is making steady progress in restoring its operations following a disruptive ransomware attack that crippled systems just before the July 4th holiday. The global IT distributor experienced widespread outages, forcing employees to work remotely as critical services, including online ordering platforms, went offline.
Initial reports pointed to SafePay ransomware as the culprit behind the breach, with the company later confirming the cyberattack. Over the past few days, Ingram Micro has gradually resumed operations, enabling order processing via phone and email in multiple regions, including the US, Canada, and several European and Asian markets.
The company stated that subscription orders, such as renewals and modifications, are now being handled globally through its support teams. However, certain restrictions remain for hardware and technology-related purchases, with further details to be provided as orders are processed.
Behind the scenes, Ingram Micro has taken aggressive security measures, including a company-wide password reset and mandatory multi-factor authentication (MFA) enforcement. VPN access is also being restored in phases, allowing employees to reconnect to internal systems. Many of the core platforms for order management, logistics, and fulfillment have been brought back online, though full recovery is still underway.
While the company has not disclosed whether data was exfiltrated during the attack, SafePay’s known tactics involve data theft as part of its extortion strategy. If negotiations fail or a ransom goes unpaid, stolen information could surface publicly in the coming weeks.
Ingram Micro has yet to comment on potential data exposure, leaving customers and partners awaiting further updates. The incident underscores the growing threat of ransomware attacks targeting critical supply chain players, emphasizing the need for robust cybersecurity defenses and rapid response protocols.
As recovery efforts continue, employees are slowly returning to office work, signaling cautious optimism that normal operations will resume soon. The situation remains fluid, with additional developments expected as the company works to fully stabilize its systems.
(Source: Bleeping Computer)
