Ingram Micro, one of the world's largest tech distributors, has confirmed it was hit by a ransomware attack that brought key systems offline, leaving customers unable to place orders or access services.
The attack began on July 3, with many resellers and service providers reporting system and phone outages.
The company publicly acknowledged the issue hours later, stating: "Ingram Micro recently identified ransomware on certain of its internal systems. Promptly after learning of the issue, the company took steps to secure the relevant environment, including proactively taking certain systems offline."
It added that cybersecurity experts and law enforcement are now involved.
The impact has been significant. Ingram's online systems—including its ordering platform and Microsoft 365 license management—remain unavailable, TheRegister said.
Staff at the company's service center in Bulgaria were told to disconnect their laptops and stay home as systems were shut down.
The ransomware group SafePay claimed responsibility, saying it exploited network misconfigurations and accessed sensitive data.
IT Giant Ingram Micro Reveals Ransomware Breach https://t.co/MhPb5VhUhT #cybersecurity #infosec #hacking
— The Cyber Security Hub™ (@TheCyberSecHub) July 7, 2025
Ingram Micro Hit by Ransomware, Operations Disrupted Globally
In a ransom note, the hackers said they had encrypted important files and threatened to release stolen data unless a deal was made.
"We are the ones who can correctly decrypt your data and restore your infrastructure," the group wrote, demanding payment within seven days.
While Ingram has not confirmed how the attackers got in, reports suggest the breach may have occurred through its GlobalProtect VPN.
Cybersecurity researchers warn that SafePay is known for using stolen VPN credentials rather than phishing tactics, making strong multi-factor authentication critical.
The outage couldn't have come at a worse time, with many companies pushing to meet end-of-quarter sales goals.
According to CRN, the CEO of a major US partner told CRN, "This is our worst nightmare come true. We can't place orders or get quotes—it stops our business."
Partners are especially frustrated by the lack of communication. One executive said, "To remain silent is not healthy. Even if there are no answers yet, regular updates are critical."
Ingram Micro, which brought in $48 billion in revenue last year, is racing to restore systems. Customers are already considering alternative suppliers like TD Synnex to fill the gap if the situation continues.
"This attack shows just how vulnerable any company can be," another partner said. "Cyberattacks aren't going away, and we all have to stay prepared."
Join the Conversation