ChannelLife UK - Industry insider news for technology resellers
United Kingdom

Guides

#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes

Search

Network computers metal padlock remote access cables cyberattack enterprise security
#
Data Protection
#
Encryption
#
Network Security

Ingram Micro responds to ransomware incident impacting internal systems

Today
Author image
By Sean Mitchell, Publisher

Ingram Micro has confirmed a ransomware attack targeting its internal systems, leading to operational disruption and an ongoing effort to restore affected services. The global technology distributor issued a statement acknowledging the incident and outlining steps taken to secure its environment and mitigate potential damage.

"Ingram Micro recently identified ransomware on certain of its internal systems," the company said in a statement issued on 5 July. "Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement."

The company is currently focused on restoring affected systems and minimising disruption to business operations. "Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologises for any disruption this issue is causing its customers, vendor partners, and others," the statement read.

Expert voices warn on supply chain risks

Industry experts have highlighted the growing risks associated with third-party access in the wake of the attack. Gareth Roberts, Head of Delivery at tmc3, a Qodea company, said: "It is crucial to remember that organisations are only as secure as their weakest link. Therefore, assessing the security practices of third-party suppliers and ensuring that data protection standards are being upheld is vital to a company's security posture."

Roberts underscored the importance of communication and transparency throughout the supply chain, noting that technical safeguards also play a key role in preventing such incidents. "To further protect information, businesses can implement specific technical measures such as strong encryption for data both in transit and at rest, which makes it unreadable to unauthorised users. Additionally, enforcing access controls and multi-factor authentication (MFA) helps ensure that sensitive data is only accessible to those who require it," he advised.

Alleged threat actor and industry context

The ransomware incident at Ingram Micro has reportedly been linked to a group known as SafePay, which allegedly accessed the company's systems via a compromised virtual private network (VPN).  

Chris Hauk, Consumer Privacy Champion at Pixel Privacy, provided further context regarding the threat landscape. "With the toppling of LockBit and ALPHV, this has opened up 'opportunities' for upstart ransomware groups like SafePay. The group first gained fame with an early high-profile SafePay ransomware attack on UK telematics business Microlise, with SafePay claiming to have stolen 1.2 terabytes of data and demanding payment in less than 24 hours. However, little remains known about the group," Hauk noted.

Hauk added: "The reports I've seen indicate the group moves quickly, with fast encryption times, seeing attacks typically move from system breach to deployment in less than 24 hours."

He emphasised that organisations can protect against similar threats by implementing a series of robust security measures. "Organisations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication, monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access," Hauk said.

Ongoing investigation and mitigation efforts

Ingram Micro's statement did not specify the extent of the disruption or when full system restoration is expected. The company has engaged leading cybersecurity experts to support its investigation and has notified relevant law enforcement authorities. The company also apologised for any inconvenience experienced by its customers and partners as a result of the incident.

As the investigation continues, Ingram Micro's experience underscores the persistent threat posed by ransomware and highlights the critical importance of vigilance, secure access management, and strong supply chain security practices within the IT sector.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Endava & Goji partner to transform private fund onboarding
Cellular IoT shipments up 23% amid vendor challenges
Punkt. & Gigaset team up for privacy-focused mobile devices
LevelBlue acquires Trustwave to form largest global MSSP
IDnow & Keyless partner to boost secure digital identity checks

Top stories

BNP Paribas renews UK FinTech incubator with AI focus
Lab Thread secures GBP £750,000 to revolutionise lab data management
IFSAS to deliver security & automation at new Crete airport
Swansea University & partners embed cybersecurity in aerospace
Capgemini to acquire WNS for USD $3.3 billion in AI expansion