Ingram Micro Systems Disrupted by SafePay Ransomware Attack, Internal Operations Affected

Ingram Micro, a global leader in technology distribution and IT services, has fallen victim to a ransomware attack that has disrupted its operations with a major outage since Thursday. The cyberattack, reportedly linked to the SafePay ransomware group, forced the company to shut down key internal systems, disrupting order processing and platform access across multiple regions.

The disruption began early Thursday morning, when Ingram Micro employees discovered ransom notes on their devices. While it’s unclear whether systems were fully encrypted, the ransom note bore the hallmark language of SafePay—one of the fastest-growing ransomware operations of 2025.

According to internal sources, the breach may have occurred through vulnerabilities in Ingram Micro’s GlobalProtect VPN platform. Following the attack, some staff were instructed to work from home, and VPN access was promptly disabled as a precautionary measure.

Systems affected include Ingram’s AI-driven Xvantage distribution platform and the Impulse license provisioning system, both crucial tools for its global reseller and partner network. However, core services like Microsoft 365, Teams, and SharePoint remain operational.

Despite widespread system outages and ransom notes found across multiple locations, Ingram Micro has yet to publicly confirm the nature of the incident. Instead, internal advisories have cited only “ongoing IT issues.”

The SafePay ransomware group, first identified in late 2024, has already accumulated over 220 known victims. Its typical attack vector includes exploiting corporate VPNs using stolen or brute-forced credentials.

BleepingComputer, which first reported the breach, has reached out to Ingram Micro for comment but has received no official response.