Article Details

Ingram Micro starts restoring systems after ransomware attack. Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday. Last Thursday, IT distributor and services giant Ingram Micro suffered a global outage, with their website and ordering systems taken offline, and employees told to work from home. Saturday morning, BleepingComputer exclusively reported that a SafePay ransomware attack was behind the outage, with the company confirming a ransomware attack later that night. Since Monday, Ingram Micro has begun restoring some of its business operations, stating that it has resumed accepting orders via phone and email in many countries. By Tuesday, this expanded to the US, Canada, and other countries. "Subscription orders, including renewals and modifications, are available globally and are being processed centrally via Ingram Micro's support organization," Ingram Micro announced on Monday. "Additionally, we are now able to process orders received by phone or email from the UK, Germany, France, Italy, Portugal, Spain, Brazil, India, and China. Some limitations still exist with hardware and other technology orders, which will be clarified as orders are placed." In addition, BleepingComputer has learned that the company performed a company-wide password and multi-factor authentication (MFA) reset, and has begun restoring VPN access to employees. Numerous internal systems and platforms, many related to ordering, logistics, and fulfillment, have been restored yesterday and today, allowing employees greater access to the company's ordering system. While Ingram Micro is quickly recovering from the attack, BleepingComputer was told that the restoration process is far from over, with employees gradually transitioning back to in-office work. It is unclear whether data was stolen during the attack, and SafePay has not publicly claimed responsibility for the attack at this time. However, the ransomware gang is known for stealing data in their attacks, so if a ransom is not paid, we may see some indication of this in the coming days or weeks. BleepingComputer contacted Ingram Micro about whether data was believed to have been stolen and will update the story if we receive a response. 8 Common Threats in 2025 While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques. Drawing from Wiz's detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.