Ingram Micro, one of the world’s largest IT distributors, has confirmed that a ransomware attack caused an ongoing outage affecting its systems and services. The incident, which began on July 3, 2025, has impacted the company’s ability to process online orders, manage back-end systems, and provide essential services to partners and clients.
The ransomware group, identifying itself as “SafePay,” claims responsibility for the attack. Ingram Micro disclosed that the attackers likely gained access via compromised VPN credentials or network misconfigurations.
Impact of the Attack
Service Disruption
Ingram Micro’s website, ordering platforms, and internal systems across the United States, Europe, and Asia have faced outages. The attack affects critical services like software licensing, provisioning, and cloud distribution.
Operational Shutdowns
Some offices, such as those in Bulgaria, were forced to suspend operations and send employees home during the July 4 holiday period.
Customer Impact
Business partners and clients relying on Ingram Micro for IT services, licensing, and hardware distribution have experienced delays and interruptions.
Company Response
Ingram Micro has taken several immediate steps:
- Systems Taken Offline: Affected systems were disconnected to contain the spread.
- Incident Response: The company immediately engaged cybersecurity experts and law enforcement agencies.
- Ongoing Updates: The company is actively restoring services and communicating updates through official channels.
While some services, including Microsoft 365 and SharePoint, remained accessible, the company is working to bring all affected systems back online.
Lessons and Implications
This incident highlights critical security takeaways for businesses:
- VPN Security: Organizations must ensure VPN security with multi-factor authentication (MFA) and regular vulnerability assessments.
- Supply Chain Risk: Third-party service providers can become points of compromise with wide-reaching effects.
- Incident Preparedness: Having an incident response plan is vital for business continuity in the face of ransomware and other cyber threats.
Final Thoughts
As Ingram Micro continues its recovery efforts, the event underscores the growing sophistication of ransomware attacks and the importance of robust cybersecurity defenses. Businesses have to remain vigilant and reassess their security postures to mitigate similar risks in their own operations.
