Security Stop-Press: Ingram Micro Hit by SafePay Ransomware Attack

IT giant Ingram Micro, a major global distributor of technology products and services, has confirmed it suffered a ransomware attack that forced key systems offline and disrupted global operations.

The incident, which began early on 4 July, was carried out by the SafePay ransomware group. Employees discovered ransom notes on their devices, and systems including Ingram’s Xvantage distribution platform and Impulse licensing tool were shut down. Microsoft 365 and Teams remain unaffected.

Ingram Micro confirmed the attack in a brief statement on 6 July, saying it had “identified ransomware on certain of its internal systems” and was working with cybersecurity experts while restoring services.

The SafePay group, active since late 2024, has hit over 220 organisations and is known for exploiting VPN vulnerabilities using stolen or weak credentials. In this case, the company’s GlobalProtect VPN is thought to be the entry point.

This attack highlights the importance of securing remote access with multi-factor authentication, regular updates, and strong password policies to prevent ransomware intrusions.