Ingram Micro Hit by SafePay Ransomware, Internal Systems Remain Down

246/68 Monday, July 7, 2025

Ingram Micro, one of the world’s largest B2B technology distributors, has been experiencing prolonged system outages since last Thursday. According to a report by BleepingComputer, the incident has now been confirmed as a ransomware attack carried out by the SafePay group, which managed to breach the company’s internal systems. Several employees reportedly found ransom notes displayed on their devices on the morning the attack occurred.

Sources suggest the attackers may have exploited a vulnerability in the GlobalProtect VPN platform, which Ingram Micro uses as a core part of its internal infrastructure. Upon detecting the intrusion, the company instructed some employees to work remotely, shut down all internal systems, and temporarily disabled the VPN. Key services such as Xvantage, an AI-powered distribution platform, and Impulse, the company’s license management system, were rendered inoperable. However, tools like Microsoft 365, Teams, and SharePoint remained functional.

Although the SafePay group claims to have stolen sensitive corporate data, the ransom note used is a generic message seen in many of the group’s prior attacks, leaving it unclear whether data exfiltration actually occurred. SafePay, first observed in late 2024, has since targeted over 220 organizations worldwide, often breaching systems via VPN gateways using stolen credentials or password spraying attacks. As of now, Ingram Micro has not issued an official public statement about the breach, only internal communications acknowledging IT service disruptions.

Source: https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/