Ingram Micro Confirms Ransomware Attack by SafePay Group, Causing Global IT Outages and Supply Chain Disruptions

Ingram Micro is investigating a ransomware attack by SafePay that has disrupted global operations, delayed shipments, and exposed IT supply chain vulnerabilities.

Zahra Ali | July 07, 2025

Ingram Micro Hit by SafePay Ransomware Attack, Disrupting Global IT Operations and Exposing Supply Chain Weaknesses

Irvine, California — Global IT distribution giant Ingram Micro is reeling from a confirmed ransomware attack that triggered a multi-day IT outage, leaving the company unable to process or ship customer orders. The attack, attributed to the SafePay ransomware group, has disrupted operations worldwide, prompting urgent investigations and crisis response efforts.

The breach, discovered on July 3, was acknowledged publicly on July 6, when Ingram Micro confirmed it had taken certain systems offline to secure its environment. The company stated that it notified law enforcement, retained cybersecurity experts, and is working around the clock to restore services.

“We are investigating a cybersecurity incident that has impacted our internal network. We are focused on restoring operations and maintaining transparency with customers and partners,” said a spokesperson from Ingram Micro.

SafePay Group Behind the Attack

The SafePay ransomware gang, one of the most active hacking groups since late 2024, has claimed responsibility for the breach. The group has a history of targeting organizations through misconfigured firewalls, exposed Remote Desktop Protocol (RDP) instances, and vulnerable VPNs—particularly GlobalProtect VPN, which is believed to have been the entry point in this case.

According to Jamie Levy, Director of Adversary Tactics at Huntress, SafePay activity has surged in recent months. Matt Hull of NCC Group noted that SafePay accounts for 18% of all known ransomware attacks and is possibly a rebrand of infamous groups such as LockBit, AlphV, or INC.

A recent NCC report highlighted that SafePay has previously used ScreenConnect for long-term access and data exfiltration after breaching networks.

Severe Business Impact

Ingram Micro’s core platforms, essential for logistics, vendor integration, and order fulfillment, remain affected. The company has launched a status portal and escalation pathways to triage customer issues and provide workarounds while systems are restored.

“The attack on Ingram Micro reveals just how fragile the IT value chain is when a core distributor goes offline,” said Neil Shah, VP at Counterpoint Research. “It has decoupled them from OEMs and vendors, halting visibility and delivery across the ecosystem.”

Sanchit Vir Gogia, CEO of Greyhound Research, added that the impact is particularly severe in industries with centralized procurement such as telecom, government, and large retail sectors. The delay in hardware provisioning, backlogs in shipments, and broken service-level agreements (SLAs) are cascading across enterprises relying on Ingram’s vast distribution network.

Financial Uncertainty and Recovery Efforts

While the full financial impact of the breach remains undisclosed, Ingram Micro had reported Q1 net sales of $12.3 billion and earnings of $144 million. Its Q2 guidance forecasted revenue between $11.7 billion and $12.2 billion, with per-share earnings between 53 and 63 cents. Whether the attack will materially alter these forecasts is still unclear.

Experts say the incident serves as a wake-up call for the broader tech and logistics industries about the risks associated with cloud dependency, globalized IT logistics, and inadequate segmentation of mission-critical infrastructure.