Ingram Micro confirms ransomware incident as cause of company-wide outage

SafePay group takes credit for breach, gives distributor seven days to reach agreement

Pro

Image: Ingram Micro

Ingram Micro has confirmed it has been the victim of a cyber attack. Reports from news website Bleeping Computer on 3 July when customers said phone lines and partner portal lost service, shutting off the ability to manage service licences or make hardware purchases. The company’s website was also unavailable, with its homepage replaced with a message claiming it was unavailable due to “technical difficulties”.

According to The Register, staff at Ingram’s service centre in Bulgaria – which handles European sales – were sent home on 4 July and instructed not to connect their laptops.

“Ingram Micro recently identified ransomware on certain of its internal systems,” read an official statement released on Sunday 7 July. “Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.”

It added: “Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologizes for any disruption this issue is causing its customers, vendor partners, and others.”

Further reporting by Bleeping Computer has confirmed the distributor suffered a ransomware attack by the SafePay group. It is believed the company was breached through its GlobalProtect VPN platform.

“Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it to compromise you. It was the misconfiguration of you network that almost allowed our experts to attack you, this situation is simply a paid training session for your system administrators,” read a ransom letter than appeared on Ingram Micro devices.

“We’ve spent the time analyzing your data, we know the ins and outs of your corporation. As a result, all giles of importance have been encrypted and the ones of most interest to us have been stolen and are now stored on a secure server for further publication on the web with an open access.”

SafePay has given the Company has been given seven days to respond before the data is released.

Response to the incident has been a mix of frustration and specultation among customers. On discussion forum Reddit users vented about Ingram Micro’s quality of service – especially related to its xVantage platform – and lack of communication explaining the details of the attack.

TechCentral Reporters

Read More: cyber security Ingram Micro