Ingram Micro, the world’s second-biggest technology distributor after TD SYNNEX, is suffering from an ongoing ransomware attack that is affecting global orders and deliveries.
The company confirmed the attack at the weekend in a brief statement that has so far not been expanded upon, despite resellers, VARs, system integrators and managed service providers scrambling to meet customer deadlines, and some considering going to Ingram Micro’s competitors for help.
Ingram Micro said, late on Saturday night, in the US: “Ingram Micro recently identified ransomware on certain of its internal systems. Promptly after learning of the issue, the company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures.
“The company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”
It added: “Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the company apologises for any disruption this issue is causing its customers, vendor partners, and others.”
Since then, channel partners have been left waiting for any further public information since the attack outbreak, which was reportedly discovered by Ingram last Thursday.
Systems impacted in multiple locations include the firm’s AI-powered Xvantage distribution platform and its Impulse license provisioning platform. Other internal services, such as Microsoft 365, Teams, and SharePoint, are believed to be working normally – aiding those Ingram staff sent home to work remotely.
The breach was first reported on by Bleeping Computer, which has seen the ransomware demands from the increasingly active SafePay ransomware group.
It is believed the attackers got in via the distributor’s GlobalProtect virtual private network (VPN) platform.
“Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you,” SafePay said in a ransom note.
SafePay is claiming to have accessed data including intellectual property, accounting records, personal and customer files, bank details, transactions, and information around lawsuits and complaints.
The ransomware group has publicly claimed previous attacks across the US, the UK, and Germany, among other countries.
