Ingram Micro has confirmed a ransomware attack that affected internal systems and forced some services offline. The global IT distributor says it acted quickly to contain the incident, implemented mitigation steps, and involved cybersecurity experts.
The company is working with a third-party firm to investigate the breach and has informed law enforcement. Order processing and shipping operations have been disrupted while systems are being restored.
While details remain limited, the attack is reportedly linked to the SafePay ransomware group.
According to BleepingComputer, the gang exploited Ingram's GlobalProtect VPN to gain access last Thursday.
In response, Ingram Micro shut down multiple platforms, including GlobalProtect VPN and its Xvantage AI platform. Employees were instructed to work remotely as a precaution during the response effort.
SafePay first appeared in late 2024 and has targeted over 220 companies. It often breaches networks using password spraying and compromised credentials, primarily through VPNs.
Ingram Micro has not disclosed what data was accessed or the size of the ransom demand.
The company apologised for the disruption and said it is working to restore systems as quickly as possible.
