Ingram Micro, a major U.S.-based technology distributor and managed services provider, suffered a **ransomware attack** starting on **Thursday**, leading to a **prolonged outage** of its website and core network systems. The disruption has **halted order processing**, causing delays in software licensing and preventing customers from accessing or provisioning critical products tied to Ingram’s infrastructure. The attack, attributed to the **SafePay ransomware gang** (though unconfirmed by the company), has forced Ingram Micro to alert shareholders ahead of market opening. While no data breach details have been publicly confirmed, ransomware groups often **exfiltrate sensitive data** before encrypting systems, raising concerns about potential **data leaks or financial extortion**. The outage has **crippled operations** for Ingram’s global clientele, including smaller businesses reliant on its IT services, risking **financial losses, reputational damage, and operational paralysis** until systems are restored. The incident underscores the severe impact of ransomware on supply chains and third-party service providers.
Source: https://techcrunch.com/2025/07/07/ingram-micro-says-ongoing-outage-caused-by-ransomware-attack/
TPRM report: https://www.rankiteo.com/company/ingram-micro
"id": "ing1802018100325",
"linkid": "ingram-micro",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'corporate customers (especially '
'smaller businesses relying on '
'Ingram’s cloud/IT services)',
'industry': 'technology distribution and IT services',
'location': 'California, United States',
'name': 'Ingram Micro',
'size': 'large (global operations)',
'type': ['technology distributor',
'managed services provider']}],
'data_breach': {'data_encryption': 'likely (ransomware attack)',
'data_exfiltration': 'suspected (common tactic for ransomware '
'gangs, but unconfirmed)'},
'date_detected': '2024-02-15T00:00:00Z',
'date_publicly_disclosed': '2024-02-19T00:00:00Z',
'description': 'Ingram Micro, a U.S. technology distributing giant and '
'managed services provider, experienced a ransomware attack '
'that caused an ongoing outage. The attack began on Thursday, '
'leading to the shutdown of the company’s website and much of '
'its network. The outage is affecting software licensing, '
'preventing customers from using or provisioning some products '
'that rely on Ingram’s systems. The SafePay ransomware gang is '
'reportedly responsible, though no major group has officially '
'taken credit. Ingram Micro is working to restore systems to '
'resume order processing.',
'impact': {'brand_reputation_impact': 'potential damage due to prolonged '
'outage and ransomware association',
'downtime': {'duration': 'ongoing (as of 2024-02-19)',
'end': None,
'start': '2024-02-15T00:00:00Z'},
'operational_impact': ['halted order processing',
'disrupted software licensing for customers',
'prevented provisioning of products relying '
'on Ingram’s systems'],
'systems_affected': ['website',
'network infrastructure',
'order processing systems',
'software licensing systems']},
'investigation_status': 'ongoing',
'motivation': 'financial extortion (presumed)',
'ransomware': {'data_encryption': True,
'data_exfiltration': 'suspected',
'ransomware_strain': 'SafePay (reported)'},
'references': [{'source': 'Bleeping Computer'},
{'date_accessed': '2024-02-19',
'source': 'Ingram Micro public statement (2024-02-19)'}],
'response': {'communication_strategy': ['public disclosure to shareholders',
'brief statements to media'],
'containment_measures': ['system shutdown to limit spread'],
'incident_response_plan_activated': True,
'remediation_measures': ['restoring systems to resume order '
'processing']},
'stakeholder_advisories': ['shareholders notified before U.S. market opening '
'on 2024-02-19'],
'threat_actor': ['SafePay ransomware gang (reported)'],
'title': 'Ransomware Attack on Ingram Micro Causes Major Outage',
'type': ['ransomware', 'system outage', 'data breach (suspected)']}