Ingram Micro hit by ransomware attack

Ingram Micro has revealed it has become the victim of a ransomware attack. The distributor shared an update over the weekend detailing the attack after suffering a system outage.

“Ingram Micro recently identified ransomware on certain of its internal systems,” the firm stated. “Promptly after learning of the issue, the company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”

The distributor indicated it was “working diligently to restore systems so that orders could be processed and shipped”, and it apologised for any disruption caused to vendors and partners.

According to reports in BleepingComputer, the attack was carried out by a SafePay ransomware group, which has been particularly active this year.

The group claimed it had been able to exploit some gaps in the distributor’s systems to launch its attack. The note added that it was not a political attack but one motivated by money.

The channel knows only too well that it is a target for cyber criminals, and what has happened to Ingram Micro will send a shiver down many channel spines. It also confirms the severity of recent warnings from security experts about the vulnerability of supply chains.

Over the past couple of years, MSPs have emerged as a primary target for criminals looking to gain access to sensitive customer data, and that rise in threats has been accompanied by a rising influence of the insurance industry.

Speaking at the recent Working Together for Channel Success event, Robin Ody​, principal analyst at Canalys, now part of Omdia, said that the channel – particularly those involved with numerous customers – were key targets for criminals.

“Partners have become the number one threat vector for customers, because a partner holds all the data,” he said. “And the more that they hold the managed services piece, the more that they hold the financial data and the more the MSPs have become the single threat vector for the channel.”

Those statements came just a few weeks after the latest CyberSmart MSP survey found that 69% of respondents had been hit by multiple breaches in the past 12 months, with almost half fending off three or more attacks.

The majority of MSPs indicated to CyberSmart that they felt confident about their security position, underling the extent to which awareness of their position as targets has been accepted by the channel community.

The CyberSmart research can be added to other reports that have focused on the threats being faced by MSPs. Back in April, CrowdStrike shared its 2025 Global threat report, which also highlighted that the pressure is on the channel to make sure it’s taking steps to protect its own operations and customer data.

The case of Ingram Micro will become a high-profile example of the determination by ransomware criminals to target the channel and the disruption that can be caused to a well-protected business.