The failure of Ingram Micro ‘s systems was caused by a ransomware attack, the company confirms in an official announcement. The SafePay gang, which has been waging an aggressive campaign targeting large companies since the beginning of the year, is behind the incident. The information was first reported by Bleeping Computer.
The attack began on Thursday morning and caused a temporary shutdown of critical Ingram Micro systems, including its online ordering platform and internal tools to support operations. The affected systems include Xvantage, an AI-based distribution platform, and Impulse, a licence sharing system. According to unofficial information, some employees have been advised to switch to remote working and to stop using the company’s VPN.
Although the company has not publicly confirmed that it was the victim of a cyber attack, internal communications and service disruptions point to a widespread security incident. Ransomware notes typical of ransomware attacks were said to have appeared on employees’ devices. Their content matches the pattern used by the SafePay group, which has already claimed more than 220 victims since the end of 2024.
Information provided by sources close to the investigation suggests that the attack vector may have been access through GlobalProtect’s VPN platform – a tool commonly used in corporate hybrid environments. Ransomware groups are increasingly exploiting VPN vulnerabilities, brute-force attacks and credentials obtained from previous breaches.
SafePay is a relatively new player in the ransomware-as-a-service community, but in a short time it has gained a reputation for being extremely effective and aggressive. It bases its attacks on automated infection chains and data theft schemes, although in this case it has not been confirmed whether file encryption or information theft has occurred. Significantly, the wording used by the group in its ransom notes is standard and does not always translate into the actual extent of the breaches.
For the IT market, this event has major implications. As one of the key distributors of B2B technology and services, Ingram Micro serves partners and resellers worldwide. Disruptions to logistics and licensing systems could affect product availability and order fulfilment, especially in SME and integrator environments.
This is further evidence of how sensitive cyber security issues are for global technology chains. The more complex the IT infrastructure – including AI, cloud and external integrations – the more vulnerable it becomes to automated ransomware campaigns. The Ingram Micro case is not just a technical incident, but a warning to the entire distribution sector.
