Are you a client?
Sign in to view the full news archive.
One of the world's largest business-to-business technology distributors, Ingram Micro, has fallen victim to a significant cyber attack that has crippled its operations since Thursday. The outage, which has affected the company's website and online ordering systems, has now been confirmed as the result of a SafePay ransomware attack, according to reporting by BleepingComputer.
The attack began early Thursday morning, with employees discovering ransom notes on their devices. Sources have indicated that the threat actors likely breached Ingram Micro's network through its GlobalProtect VPN platform, highlighting the continued vulnerability of remote access systems to cybercriminal exploitation.
Following the discovery of the breach, the company took immediate defensive measures. Employees in some locations were instructed to work from home, whilst internal systems were shut down as a precautionary measure. The company has specifically advised staff not to use the GlobalProtect VPN access, which has been compromised by the attack.
The impact on Ingram Micro's operations has been substantial. The company's AI-powered Xvantage distribution platform and Impulse licence provisioning platform are amongst the systems affected. However, some services including Microsoft 365, Teams, and SharePoint continue to function normally, allowing limited business continuity.
SafePay represents a relatively new but increasingly active ransomware operation. First observed in November 2024, the group has already accumulated over 220 victims, making it one of the more prolific ransomware gangs operating in 2025. The group has previously been observed targeting corporate networks through VPN gateways using compromised credentials and password spray attacks.
Ingram Micro has since acknowledged the ransomware attack (initally just referring to it as an IT incident) and yesterday reported that it has made progress in restoring some aspects of its transactional business. It is still unclear what the full impact and cost of the breach will be.
Posted by: Simon Baxter at 09:45