Ingram Micro Grapples With SafePay Ransomware Attack
Ingram Micro, a leader in business-to-business technology distribution, has fallen victim to a ransomware attack perpetrated by the SafePay cybercrime group. The attack, which was first detected on 3rd July, has disrupted critical internal systems, forcing the company to take urgent defensive measures.
The attack has sent ripples through the global IT supply chain, highlighting vulnerabilities in even the most robust technology ecosystems.
Ingram Micro, which serves over 160,000 customers worldwide with hardware, software, and cloud services, confirmed the incident in a statement, noting that it had identified ransomware on certain systems and was working to restore operations.
Anatomy Of The Breach
The SafePay ransomware group, a relatively new but prolific actor in the cybercrime landscape, is believed to have infiltrated Ingram Micro’s network via its GlobalProtect VPN platform, likely exploiting compromised credentials or password-spraying techniques.
Active since November 2024, SafePay has claimed over 220 victims, targeting organisations through vulnerabilities in VPN gateways and remote access software.
The attack prompted Ingram to shut down key systems, including its AI-powered Xvantage distribution platform and Impulse license provisioning tool, which are integral to order processing and software licensing.
While productivity tools like Microsoft 365 and Teams remained operational, the outage caused significant disruptions, with estimated daily losses of $136 million during the peak of the crisis.
Response & Mitigation
In response to the breach, Ingram Micro acted decisively, taking affected systems offline and engaging third-party cybersecurity experts to investigate. The company also notified law enforcement. However, it has not disclosed specific details, notably including the timing of the attack, the extent of data compromised, and SafePay’s ransom demands. Employees were instructed to work from home, and access to the GlobalProtect VPN was suspended to contain the threat.
By 8 July, Ingram Micro reported progress in restoring transactional systems, with subscription orders being processed centrally. However, full recovery of platforms like Xvantage and Impulse remains ongoing, leaving partners and customers grappling with delays.
Broader Implications
The attack highlights the established and fast-growing threat posed by ransomware groups like SafePay, which has emerged as a leading cybercriminal outfit in 2025, responsible for 18% of global ransomware attacks in May alone.
Unlike many ransomware-as-a-service operations, SafePay operates a closed system, directly controlling its attacks.
This incident demonstrates the fragility of global IT supply chains, where a single breach can disrupt operations for thousands of downstream partners, including major clients like Apple, HP, and Cisco. The exploitation of VPN vulnerabilities also raises questions about the adequacy of current cybersecurity measures, particularly for critical vendors like Ingram Micro.
In expert comment, Tim Grievson, who is CSO at ThingsRecon, said: "Organisations often assume that spreading suppliers across different regions or sectors provides enough insulation. In reality, many of these vendors are nested, relying on the same upstream cloud infrastructure, data centres or even security providers...
A successful attack on one layer can ripple across multiple companies, sectors or even nations...
This is where modern supply chain mapping and risk intelligence tools must be used not just for compliance, but for genuine insight. Understanding who your vendors depend on, and who their vendors depend on, is now a critical step in assessing systemic risk." Grievson concludes.
Urgent Need Of Resilience
For Ingram Micro and its partners, the attack is a sharp reminder of the need for robust cybersecurity protocols. Experts recommend implementing phishing-resistant multi-factor authentication, regular patching of remote access software, and continuous monitoring for suspicious activity.
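As an illustration of the continuous monitoring recommended above, the following added example (not taken from Ingram Micro, the vendors named or the original article) flags the password-spraying pattern on VPN authentication logs: one source failing against many distinct accounts with few tries each, plus any successful login from that source. The CSV log layout, thresholds and function names are assumptions made for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp,source_ip,username,result.
# This CSV layout is an assumption, not a real GlobalProtect log format.
SAMPLE_LOG = """\
2025-01-15T02:00:05,203.0.113.50,alice,FAIL
2025-01-15T02:01:10,203.0.113.50,bob,FAIL
2025-01-15T02:02:15,203.0.113.50,carol,FAIL
2025-01-15T02:03:20,203.0.113.50,dave,FAIL
2025-01-15T02:04:25,203.0.113.50,erin,FAIL
2025-01-15T02:05:30,203.0.113.50,frank,SUCCESS
2025-01-15T08:59:00,198.51.100.7,grace,FAIL
2025-01-15T08:59:20,198.51.100.7,grace,FAIL
2025-01-15T08:59:45,198.51.100.7,grace,SUCCESS
"""

def parse(log):
    """Yield (timestamp, source_ip, username, result) per log line."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split(",")
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spray(log, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Map source IP -> targeted usernames when failures within one sliding
    window hit many distinct accounts with only a few tries per account."""
    failures = defaultdict(list)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            failures[ip].append((ts, user))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            counts = Counter(user for _, user in events[start:end + 1])
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                flagged[ip] = sorted(counts)
                break
    return flagged

def logins_from_spray_sources(log):
    """Successful logins from flagged sources: accounts to review first."""
    flagged = detect_spray(log)
    return [(ip, user) for _, ip, user, result in parse(log)
            if result == "SUCCESS" and ip in flagged]
```

The single user who mistypes a password twice before logging in (198.51.100.7 in the sample) is not flagged, because only one account is involved.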
The incident also underscores the importance of transparency in communicating with stakeholders to maintain trust. As Ingram Micro works to restore its systems, the broader IT industry must heed this warning, strengthening defences to mitigate the escalating risks posed by sophisticated cyber threats.
Ingram Micro | Cytex | Bleeping Computer | Techradar | Cybernews
Image: @IngramMicroInc
Cyber Security Intelligence: Captured Organised & Accessible