Operations of Ingram Micro are gaining momentum after the attack, progressing towards full recovery.
Following a ransomware attack by the SafePay gang, global technology distributor Ingram Micro has made significant progress in restoring its operations. As of the latest updates, the company has confirmed the disruption experienced last week.
Ingram Micro has apologized to its customers and vendors for any potential disruptions caused by the attack. The company's digital platform, Ingram Micro Xvantage, however, has not yet released information about the status of orders being processed through it.
Subscription orders, including renewals and modifications, are being processed centrally through Ingram Micro's support organization worldwide[1][3]. Customers can also place orders by phone or email from several countries, including the U.K., Germany, France, Italy, Spain, Brazil, India, China, Portugal, and the Nordics[1][3].
However, there are still limitations on hardware and technology orders. Ingram Micro is clarifying these limitations on a case-by-case basis as orders are placed[1][3]. Partners and customers are exploring alternative sources for products as they await a full resolution.
The ransomware gang SafePay, which launched in late 2024, claimed responsibility for the attack on Ingram Micro. According to researchers at Halcyon, the group uses a modified version of LockBit code dating back to 2022[4]. Experts suggest that SafePay may be a rebrand of older, better-known threat actors.
Ingram Micro has not yet stated whether the attack will be considered material to its operations. The company operates a range of other technology services beyond its distribution business.
Sources: [1] Ingram Micro website [2] Reuters [3] CRN [4] The Hacker News
Ingram Micro is currently working on restoring the unaffected parts of its digital platform, Ingram Micro Xvantage, specifically the status of orders being processed. Despite exploring alternative sources, partners and customers are still encountering limitations on hardware and technology orders due to the cybersecurity incident caused by the ransomware attack from SafePay.
