Update 7/7/25: Added Palto Alto Network’s Statement Reging Our Reporting that is Believed that Ingram Micro Was First Breached Through their VPN.
ANONGING Outage at It Giant Ingram Micro Is Caused by a SafePay Ransomware Attack that LED to the Shutdown of Internal Systems, BleepingComputer Has Learned.
Ingram micro is one of the world’s largest Business-To-Business Technology Distributors and Service Provides, Offering a Range of Solptions Including Hardware, Software, Cloud Services, Logistics, and Training to Reseles and Managed Service Provides Worldwide.
Sink Thursday, Ingram Micro’s Website and Online Ordering Systems Have Been Download, with the Company Not DiscLosing the Creat of the Issues.
Bleepingcompter has now learned that outages are caused by a Cyblettack that Occurred Early Thursday Morning, With Employees Suddenly Finding Ransom Notes Created on their Devices.
The Ransom Note, SEEN by Bleepingcompter, is associated with the safepay ransomware Operation, which has been become one of the more active operations in 2025. It is unclear if deffics. Actually EncryPted in the Attack.
It should be noted that who the Ransom Note Claims to Have Stoen A Wide Variety of Information, this is generic landage used in all savepay Ransom Notes and May Not Be True for the Ingram Micro Attack.
Source: BleepingComPuter
Do you have information about this or another cybertack? If You Want to share the information, you can contact us slcurely and confridentially on Signal at Lawrencea.11, via email at lawrence.abrams@bleepingCcompter.com, or by using our tipss Form.
Sources Have Told BleepingComp motif that is Believed the Threat Actors Brecched Interam Micro Through Its Globalprotect VPN Platform.
OnCE The Attack Was Discovered, Employees in Some Locations Were Told to Work from Home. The compny also shut download Internet Systems, Telling Employees Not to Use the Company’s Globalprotect VPN Access, Whiche Was SAID to Be Impacted by the IT OTAGE.
Systems that are Impacted in Many Locations Include the Company’s Ai-Powered XVANTAGE Distribution Platform and the Impulse License Provisioning Platform. Howver, BleepingCcompter WAS TOLD that other Internet Services, Such As Microsoft 365, Teams, and SharePoint, Continue to Operate as Usual.
Asterday, Ingram Micro Has Not DiscLosis the Attack Publicly or to Its Employees, Only Stating There are on both aresues, as indicated by company-wide advisories shared with BleepingComPuter.
The SafePay Ransomware Gang is a Relatively New Operation that was First Seen in November 2024, Accumulating Over 220 Victims SINCE THEN.
The Ransomware Operation Has Been Prevringly Observe Breaker Corporate Networks Through VPN GateWays Using Compromised Credentias And Password Spray Attacks.
BleepingComPuter Contracted Pingram Micro Yestery and Today About
Update 7/6/25: In a brief Sunday Morning Announcement, Ingram Micro Has Confirmed that They SuffERED A Ransomware Attack.
“Ingram Micro Recently Identified Ransomware on Certain of Its International Systems,” Reads Ingram Micro’s Statement.
“Promptly after learning of the Issue, The Company tok Steps to Secure the Relevant Environment, Including Proactile Taking Certain Systems Offline and Implementing Other Mitiation Measures.
“Ingram Micro is working Diligently to restore the team worked SYSTEMS SO that it can procese and ship orders, and the compancy Apologizes for Any Disruption This issue is causing its Customers, Vendor Partners, and others.
Update 7/7/25: Palo Alto Networks Share the Following Statement with BleepingCcompter Reging
“At Palo Alto Networks, The Security of our Customers Is Our Top Priority. We are Aware of a Cyblesecurity Incident Impacting Ingram Micro and Reports that Mention Palo Alto Networks’ Globalprotect VPN, “Palo Alto Networks Told BleepingcomPturer.
“We are Currently Investigating these Claims. Threat Actors Routinly Attempt to Exploit Stallen Credents or Network MiscOnfigctions to Gain Access Thrug VPN Gateways.
While Cloud Attacks May Be Growing More Sophisticicated, Attackers Still Succeed with Surprisingly Simple Techniques.
Drawing from Wiz’s Detections Across Thousands of Organizations, This Report Reveals 8 Key Techniques Used by Cloud-Fluent Threat Actors.
