

Ethical Hacking News

Ingram Micro Ransomware Attack: A Devastating Blow to a Global Tech Distributor



Ingram Micro, one of the world's largest technology distributors, has been hit by a devastating ransomware attack that has left its systems down for several days. The attack has resulted in significant disruption to Ingram's operations and has left customers, vendor partners, and others without access to their services. According to Ingram Micro, the attack was caused by ransomware on certain of its internal systems, which were compromised by the SafePay crew. The company is working diligently to restore its systems and negotiate with the attackers. This article provides a detailed look at the attack and what it means for Ingram Micro and its customers.

  • Ingram Micro, one of the world's largest technology distributors, was hit by a devastating ransomware attack.
  • The attack occurred on July 3 and has resulted in significant disruption to Ingram's operations.
  • The attack began when trade customers complained about breakdowns in their systems and phone lines.
  • The company's internal systems were compromised due to mistakes made in setting up its corporate network, allowing the attackers to access sensitive information.
  • The attackers claim to have encrypted important files and are demanding a ransom in exchange for unlocking Ingram's servers.
  • The SafePay crew, a notorious group of cybercriminals, is believed to be behind the attack.



    Ingram Micro, one of the world's largest technology distributors, has been hit by a devastating ransomware attack that has left its systems down for several days. The attack, which was exclusively revealed by The Register, is believed to have occurred on July 3 and has resulted in significant disruption to Ingram's operations.

    The attack began when trade customers - resellers and managed service providers - complained that they were unable to place orders due to a breakdown in their systems and phone lines. Despite numerous attempts to contact the company, its executives and press relations department remained silent until July 6, at which point they finally broke their silence.

    According to Ingram Micro, the attack was caused by ransomware on certain of its internal systems. The company promptly took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.

    The distributor's systems were compromised when the SafePay crew, a notorious group of cybercriminals, exploited mistakes made by Ingram Micro in setting up its corporate network. The note sent to Ingram Micro claims that the crew was able to spend quite some time in the system and compromise it. It also states that the company's misconfiguration allowed them to access sensitive information, including financial statements, intellectual property, accounting records, lawsuits, personal and customer files, bank details, transactions, and more.

    The attackers claim that they have encrypted all important files and stored vital data on a secure server for further exploitation and publication on the web with open access. They also claim that they will "unlock" Ingram's servers when an agreement is reached, and threaten to keep the systems down until the ransom is paid.

    This is not a politically motivated attack, and the SafePay crew claims to want nothing more than money. Ingram has seven days to negotiate with the attackers.

    The SafePay ransomware crew may have entered Ingram Micro's systems via its GlobalProtect VPN platform, sources told Bleeping Computer. This remains unconfirmed.

    SafePay was one of the most active ransomware crews in the world in May, according to threat intelligence service Fortra, with 70 attacks linked to the gang and its affiliates that month.

    Graham Cluley, a cybercrime researcher at Fortra, said last month:

    “SafePay is known for breaking into organisations by using stolen VPN or RDP credentials. It has not been reported to have used phishing techniques frequently seen in many other ransomware attacks. Therefore, organisations that worry they might be targeted would be wise to enforce multi-factor authentication on all remote access points, disable unused RDP or VPN access entirely, and use IP allowlists or geofencing where possible.”

    The Register has asked Ingram Micro to comment but was unable to get a response.
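
The three controls named in the Fortra quote above (multi-factor authentication on every remote access point, disabling unused RDP or VPN access, IP allowlists) can be checked against an account inventory. The following is an added example, not code from the article or from any party it mentions; the record fields, the 90-day staleness threshold, and the networks are assumptions, and the sample accounts are constructed.

```python
"""Audit remote-access accounts against MFA, staleness and allowlist controls.
All records, field names and networks below are constructed for illustration."""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network
from typing import Optional

ALLOWLIST = [ip_network("198.51.100.0/24"), ip_network("2001:db8:10::/48")]  # constructed
STALE_AFTER_DAYS = 90  # assumption: "unused" means no login for 90 days

@dataclass
class Account:
    user: str
    service: str                   # "vpn" or "rdp"
    mfa_enrolled: bool
    last_login: Optional[date]     # None = never logged in
    last_source_ip: Optional[str]  # source address of the most recent login

def audit(accounts, today, allowlist=ALLOWLIST, stale_days=STALE_AFTER_DAYS):
    """Return {"user/service": [findings]} for accounts that miss any control."""
    report = {}
    for a in accounts:
        findings = []
        if not a.mfa_enrolled:
            findings.append("no-mfa")
        if a.last_login is None or (today - a.last_login).days > stale_days:
            findings.append("unused-disable")
        if a.last_source_ip is not None:
            try:
                ip = ip_address(a.last_source_ip)
            except ValueError:
                # A malformed address in the log is itself worth a look.
                findings.append("unparseable-source-ip")
            else:
                # Membership is False when IP versions differ, so mixed lists are safe.
                if not any(ip in net for net in allowlist):
                    findings.append("source-outside-allowlist")
        if findings:
            report[f"{a.user}/{a.service}"] = findings
    return report

TODAY = date(2025, 7, 6)
SAMPLE = [  # constructed inventory
    Account("alice", "vpn", True, date(2025, 7, 1), "198.51.100.23"),
    Account("svc-backup", "rdp", False, date(2024, 11, 2), "198.51.100.40"),
    Account("bob", "vpn", True, date(2025, 7, 2), "203.0.113.77"),
    Account("old-contractor", "vpn", False, None, None),
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, TODAY).items():
        print(account, ", ".join(findings))
```
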




    Related Information:
  • https://www.ethicalhackingnews.com/articles/Ingram-Micro-Ransomware-Attack-A-Devastating-Blow-to-a-Global-Tech-Distributor-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/07/06/ingram_micro_confirms_ransomware_behind/


  • Published: Sun Jul 6 08:46:09 2025 by llama3.2 3B Q4_K_M












