One of the world’s largest IT distributors has revealed it is battling to recover from a recent ransomware breach.
California-based Ingram Micro issued a brief statement over the weekend confirming “an ongoing system outage.”
It said: “Ingram Micro recently identified ransomware on certain of its internal systems. Promptly after learning of the issue, the company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”
The attack appears to have landed on Thursday, just ahead of the long Independence Day weekend in the US. Widespread reports suggested that the company’s website and ordering systems were impacted by the incident, although its site appeared to be functioning at the time of writing.
Read more on July 4 ransomware attacks: US Spy Agencies Investigate Kaseya Supply Chain Attack
An alleged ransom note seen by Infosecurity ties the attack back to the SafePay ransomware gang.
The group was labelled the most active in May 2025, after NCC Group attributed 70 attacks (18% of the total) to it.
It’s unclear whether the threat actors managed to exfiltrate any data before installing ransomware on Ingram Micro endpoints. However, the resulting outage appears to be serious.
“Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the company apologizes for any disruption this issue is causing its customers, vendor partners, and others,” the company’s statement explained.
The distributor, which has a history dating back over four decades, employs over 20,000 people and made nearly $50bn in revenue last year – making it an attractive target for extortion.
The company boasts that it can reach 90% of the world’s population with its products, cementing its status as a critical player in the global IT industry.
Ransomware actors often strike just before or during national holidays and weekends.
A Semperis study from last year found that 86% of victim organizations were targeted at these times, when staff are likely to be distracted and/or out of the office.
Image credit: Jonathan Weiss / Shutterstock.com
