Updated: Ingram Micro implements additional safeguards as systems come back online

Ingram Micro has made significant progress in restoring its systems online, with all regions across the business able to process and ship orders received via EDI, or electronically, as well as by phone or email.

The distributor commenced restoring transactional and ordering functions online on 9 July with additional safeguards on its network, following a global ransomware incident.

“The security of our IT ecosystem has been a top priority for us throughout this incident,” Ingram Micro stated. “We have implemented security protocols and processes as we recover our systems, and we will continue to communicate our progress as appropriate on restoration of relevant services.”

On 5 July, Ingram Micro identified ransomware on its internal systems and took steps to secure the relevant environment, including proactively taking certain systems offline and implementing mitigation measures.

Subscription orders including renewals and modifications became available globally on 9 July with certain countries coming back online.

“Please know that the company proactively chose to take certain systems offline as part of our mitigation efforts, processes, and protocols associated with this cybersecurity incident,” the company said. 

“Our team is focused on further restoring service, and we are confident in the use of these systems as they come back online. 

“We thank our customers and vendor partners for their patience as our restoration efforts progress.”

An investigation is currently underway with the assistance of cybersecurity experts into the ransomware incident, and law enforcement agencies have been notified.  

“Based on these measures and the assistance of third-party cybersecurity experts, we believe the unauthorised access to our systems in connection with the incident is contained and the affected systems remediated,” Ingram Micro said.

“Our investigation into the scope of the incident and affected data is ongoing.”

Ingram Micro has also reassured that it has implemented additional safeguards and monitoring measures to protect its network environment as systems come back online.

The disruption, which began on July 3 as partners took to Reddit, voicing concerns and speculating on possible causes, including a ransomware attack from SafePay, which has been active since 2024, with more than 220 victims and rising.

According to a report on BleepingComputer the outages were caused by a cyberattack through the company’s GlobalProtect VPN access, with employees suddenly finding ransom notes created on their devices.