Ethical Hacking News
Ingram Micro, a leading business-to-business technology distributor, has been hit by a SafePay ransomware attack that has left thousands of employees without access to internal systems. The outage, which began on Thursday morning, has caused widespread disruptions to the company's operations, with many systems remaining offline as of July 5, 2025. To find out more about this developing story and its impact on the tech industry, read our in-depth report.
Ingram Micro has been hit by a SafePay ransomware attack, leaving thousands of employees without access to internal systems. The outage began on Thursday morning and has caused widespread disruptions to the company's operations. The cyberattack is believed to have occurred through the GlobalProtect VPN platform. Internal systems, including AI-powered Xvantage distribution platform, were affected by the IT outage. The SafePay ransomware gang has accumulated over 220 victims since its inception in November 2024. The company's website and online ordering systems remain down due to the attack.
Ingram Micro, a leading business-to-business technology distributor and service provider, has been hit by a SafePay ransomware attack that has left thousands of employees without access to internal systems. The outage, which began on Thursday morning, has caused widespread disruptions to the company's operations, with many systems remaining offline as of July 5, 2025.
The cyberattack, attributed to the SafePay ransomware operation, is believed to have occurred through the GlobalProtect VPN platform, according to sources close to the matter. Employees were reportedly told to work from home and not use their company-issued GlobalProtect VPN access, which was said to be impacted by the IT outage.
As of yesterday, Ingram Micro has not publicly disclosed the cause of the issues, instead stating only that there are ongoing IT problems. However, BleepingComputer sources have confirmed that internal systems, including the AI-powered Xvantage distribution platform and the Impulse license provisioning platform, were affected.
The SafePay ransomware gang is a relatively new operation that has accumulated over 220 victims since its inception in November 2024. The group is known for breaching corporate networks through VPN gateways using compromised credentials and password spray attacks.
While other internal services such as Microsoft 365, Teams, and SharePoint continue to operate without issue, the company's website and online ordering systems remain down. Employees have been left without access to critical systems, causing disruptions to daily operations.
BleepingComputer has learned that a ransom note was found on devices belonging to employees, which is associated with the SafePay ransomware operation. However, it is unclear whether devices were actually encrypted during the attack.
The incident highlights the importance of robust cybersecurity measures and regular backups in preventing such attacks from occurring. It also underscores the need for companies to regularly update their security protocols and stay vigilant against emerging threats.
As the situation continues to unfold, BleepingComputer will provide updates on the status of Ingram Micro's systems and any developments related to the SafePay ransomware attack.
Related Information:
https://www.ethicalhackingnews.com/articles/Ingram-Micro-Ransomware-Attack-A-Global-Outage-Leaves-Thousands-Without-Access-ehn.shtml
https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/
Published: Sat Jul 5 11:51:16 2025 by llama3.2 3B Q4_K_M
