An ongoing outage in the IT giant Ingram Micro is caused by a safapoy ransomware attack, causing internal systems to be closed, BlappingCopper has learned.
Ingram is one of the world’s largest trade-to-business technology distributors and service providers, offering many solutions to resellers and managed service providers worldwide, including hardware, software, cloud services, logistics and training.
Since Thursday, Ingram Micro’s website and online ordering systems have gone down, the company has not disclosed the cause of issues.
Bleepingcomputer has now known that the outage is due to the cyber attack on Thursday morning, employees suddenly get ransom notes made on their equipment.
The ransom note seen by Blapping Computer is associated with the safepay ransomware operation, which has become one of the more active operations in 2025. It is not clear whether the equipment was actually encrypted into the attack.
It should be noted that the rainsmary note claims to steal various types of information, it is all common language used in SAFEPAY ransom notes and may not be correct for ingram micro attack.
Source: Bleepingcomputer
Do you know about this or any other cyber attack? If you want to share the information, you can safely and confidentially contact the signal on lawrensa.11, lawrence.abrams@bleepingcomputer.com via email, or using our tips form.
Sources have told Bleepingcomputer that it is believed that the danger actors broke the ingram micro through their Globalprotect VPN platform.
Once discovered the attack, employees of some places were asked to work from home. The company also closed internal systems, in which employees were asked not to use the company’s globalprotect VPN access, which was said to be affected by IT outage.
The systems affected at many places include the company’s AI-operated Xvantage distribution platform and impulse license provisioning platforms. However, Bleepingcomputer was told that other internal services, such as Microsoft 365, continue to work as always, teams and Sharepoints.
Till yesterday, Ingram Micro has not revealed the attack publicly or for its employees, only stating that IT issues are running, as indicated by a company-wide advice shared with Blapping Computer.
Safepay Ransomware Gang is a relatively new operation that was first seen in November 2024, since then more than 220 victims were deposited.
The ransomware operation has already been violated by corporate network Via VPN Gateway using the Compromised credibility And Password spray attack,
Bleepingcomputer contacted the Ingram Micro about yesterday and today outage and ransomware attacks, but no response was found to our email.
While cloud attacks can be more sophisticated, the attackers still succeed with surprisingly simple techniques.
Drawing by the detection of Vij in thousands of organizations, this report reveals the 8 major techniques used by Claude-Floid danger actors.
