Ingram Micro cyber attack: IT distributor says system restoration underway – but some customers might have to wait for a return to normality
While there are still limitations on some orders, says the company, most regions are pretty much back to normal


Ingram Micro is gradually getting back on its feet after a recent cyber attack severely disrupted systems.
In an update, the company said that it's been recovering systems and implementing new security protocols and processes in the wake of the incident.
The firm revealed it can now receive and process orders once again in most regions of the world, although in some countries there are still limitations when it comes to hardware and other technology orders.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
"Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business. Our teams continue to perform at a swift pace to serve and support our customers and vendor partners," the company said in a statement.
"Our teams are now able to process and ship orders received via EDI, or electronically, as well as by phone or email across all of our business regions."
The latest regions to get back to normal are Austria, Canada, Singapore, and the Nordics, as well as the countries supported by its Miami Export business.
The company was already able to process orders for customers in Brazil, China, France, Germany, India, Italy, Portugal, Spain and the UK, albeit with limitations on hardware purchases.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
As for subscription orders, the company said customers should contact Unified Support.
Since the attack, the company has been taking some systems offline and implementing other mitigation measures.
"Based on these measures and the assistance of third-party cybersecurity experts, we believe the unauthorized access to our systems in connection with the incident is contained and the affected systems remediated," it said.
"Our investigation into the scope of the incident and affected data is ongoing."
What happened with the Ingram Micro cyber attack?
Ingram Micro first revealed it had been hit by a cyber incident last week, with responsibility for the attack claimed by the SafePay ransomware group.
SafePay is believed to have breached the IT distributor via its GlobalProtect virtual private network (VPN) platform, according to reports.
The ransomware group is an up-and-coming outfit that’s been making waves in the industry for some time now. SafePay employs a ‘double extortion’ model, encrypting systems while exfiltrating sensitive data.
This technique is used largely to increase the attacker's leverage through the threat of public exposure and operational disruption.
Research from Halcyon found that SafePay has been using a modified version of LockBit's late-2022 code.
It uses a wide range of tactics, techniques, and procedures, including exploiting known vulnerabilities in widely used enterprise software to gain initial access. It then exploits legitimate remote management tools for persistence combined with credential-harvesting tools such as Mimikatz.
Halcyon’s investigation into SafePay noted that, despite its newcomer status in the ransomware scene, the group “demonstrates a surprising level of technical maturity and operational discipline”.
This, the company added, suggests it “may be run by experienced threat actors”.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Ransomware attacks carry huge financial impacts
- Developers face a torrent of malware threats as malicious open source packages surge 188%
- A major ransomware hosting provider just got hit US with sanctions
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malware
News Researchers say the tool is already achieving the “gold standard” in malware classification
-
AWS CEO Matt Garman just said what everyone is thinking about AI replacing software developers
News Junior developers aren’t going anywhere, according to AWS CEO Matt Garman
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malware
News Researchers say the tool is already achieving the “gold standard” in malware classification
-
Employee distraction is now your biggest cybersecurity risk
News Workplace distraction is the top reason organizations fall victim to cyber attacks, according to new research.
-
Apple just released an emergency patch for a zero-day exploited in the wild – here’s why you need to update now
News Apple is warning millions of users of iPhones, iPads and Macs to update their software to protect against an out-of-bounds write vulnerability
-
Cyber teams are struggling to keep up with a torrent of security alerts
News Fragmented identity security processes are creating blind spots, and the proliferation of tools doesn't help
-
The Allianz Life data breach just took a huge turn for the worse
News Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
US authorities just took down 'one of the most powerful DDoS botnets to ever exist’ with help from AWS
News The Rapper Bot botnet was responsible for a series of large-scale DDoS attacks on government agencies and tech companies. Now it's gone.
-
UK telecoms firm takes systems offline after cyber attack
News The Warlock ransomware group said it was selling a million stolen documents
-
Everything we know about the Workday data breach so far
News HR technology firm Workday has confirmed a data breach after threat actors gained access to a third-party CRM platform.