Excerpt from Cybernews Article, Published on July 8, 2025

Ingram Micro, a leading global IT distributor, recently identified a ransomware attack affecting several of its internal systems. The company promptly took affected systems offline and launched an investigation with the help of third-party cybersecurity experts. Law enforcement agencies have also been notified as part of the response efforts.

The attack, attributed to the SafePay ransomware group, began around July 3, 2025, and caused outages impacting Ingram Micro’s GlobalProtect VPN, AI-powered Xvantage platform, and Impulse license provisioning system. Employees were instructed to work remotely while the company secured its environment and mitigated further risks.

Although Ingram Micro has not disclosed the full scope of the breach or whether any data was exfiltrated, sources indicate the attackers exploited vulnerabilities in the company’s VPN gateway using compromised credentials. The SafePay group, active since late 2024, has targeted over 220 organizations worldwide, often leveraging password spraying and VPN weaknesses.

Ingram Micro is working diligently to restore affected systems so that order processing and shipping operations can resume. The company apologized for any disruption caused to customers, vendors, and partners during this period.

This incident underscores the growing threat of ransomware attacks on critical IT supply chain providers and highlights the importance of robust cybersecurity controls, especially around VPN access and remote work infrastructure.

To delve deeper into this topic, read the Cybernews article.