Global technology distributor Ingram Micro has confirmed it was the target of a ransomware attack that compromised several of its internal systems. The breach, traced to the cybercriminal group SafePay, forced the company to shut down critical platforms to prevent further damage. Employees reportedly discovered ransom notes on their devices, with investigations revealing that the attackers gained entry via vulnerabilities in the company’s GlobalProtect VPN system.
SafePay, an active ransomware group since late 2024, is known for targeting enterprises using stolen credentials and exploiting weak remote access security. In this incident, the group encrypted key data across Ingram Micro’s networks, severely impacting distribution and licensing services.
Also read: Max Financial Probes Data Breach at Insurance Unit
Distribution platforms impacted by attack
As a precautionary measure, Ingram Micro took multiple internal platforms offline, including its AI-powered Xvantage distribution management system and the Impulse licensing platform. While essential communication tools like Microsoft 365, Teams, and SharePoint remained functional, operations across logistics and provisioning were significantly affected.
The company has not yet disclosed whether any ransom has been paid or the extent of potential data exposure. Recovery efforts are underway, although no definitive timeline has been provided.
Company response and ongoing investigations
In response to the attack, Ingram Micro immediately initiated containment procedures and engaged top-tier cybersecurity experts to conduct a full forensic investigation. Law enforcement agencies have also been notified and are assisting in the probe.
The company issued a public apology to customers and partners for the disruption caused. It reiterated its commitment to restoring services safely and strengthening internal cybersecurity measures to prevent future incidents.
SafePay’s broader threat to global supply chains
This incident adds to a growing list of ransomware attacks on critical supply chain entities. Since November 2024, SafePay has claimed over 220 victims, predominantly breaching networks via unsecured VPNs. Experts caution that attacks on major distribution networks like Ingram Micro could trigger downstream effects across the global technology ecosystem, especially as many businesses depend on these platforms for timely hardware and software deliveries.
As Ingram Micro works to bring systems back online, cybersecurity analysts are urging companies to reinforce their VPN infrastructure and adopt multi-factor authentication to defend against similar threats.
