An ongoing outage at IT big Ingram Micro is attributable to a SafePay ransomware assault that led to the shutdown of inner programs, BleepingComputer has realized.
Ingram Micro is without doubt one of the world’s largest business-to-business expertise distributors and repair suppliers, providing a spread of options together with {hardware}, software program, cloud companies, logistics, and coaching to resellers and managed service suppliers worldwide.
Since Thursday, Ingram Micro’s web site and on-line ordering programs have been down, with the corporate not disclosing the reason for the problems.
BleepingComputer has now realized that the outages are attributable to a cyberattack that occurred early Thursday morning, with staff out of the blue discovering ransom notes created on their units.
The ransom word, seen by BleepingComputer, is related to the SafePay ransomware operation, which has turn into one of many extra lively operations in 2025. It is unclear if units had been really encrypted within the assault.
It must be famous that whereas the ransom word claims to have stolen all kinds of knowledge, that is generic language utilized in all SafePay ransom notes and is probably not true for the Ingram Micro assault.
Source: BleepingComputer
Do you will have details about this or one other cyberattack? If you need to share the data, you possibly can contact us securely and confidentially on Signal at LawrenceA.11, through e mail at lawrence.abrams@bleepingcomputer.com, or through the use of our ideas type.
Sources have informed BleepingComputer that it’s believed the risk actors breached Ingram Micro by its GlobalProtect VPN platform.
Once the assault was found, staff in some places had been informed to work at home. The firm additionally shut down inner programs, telling staff to not use the corporate’s GlobalProtect VPN entry, which was mentioned to be impacted by the IT outage.
Systems which are impacted in lots of places embody the corporate’s AI-powered Xvantage distribution platform and the Impulse license provisioning platform. However, BleepingComputer was informed that different inner companies, resembling Microsoft 365, Teams, and SharePoint, proceed to function as standard.
As of yesterday, Ingram Micro has not disclosed the assault publicly or to its staff, solely stating there are ongoing IT points, as indicated by company-wide advisories shared with BleepingComputer.
The SafePay ransomware gang is a comparatively new operation that was first seen in November 2024, accumulating over 220 victims since then.
The ransomware operation has been beforehand noticed breaching company networks by VPN gateways utilizing compromised credentials and password spray assaults.
BleepingComputer contacted Ingram Micro yesterday and at the moment concerning the outages and ransomware assault, however didn’t obtain a response to our emails.
While cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key methods utilized by cloud-fluent risk actors.