IT distribution giant Ingram Micro has experienced a widespread system outage following a SafePay ransomware attack that occurred late last week, forcing the company to shut down internal systems and disrupting services worldwide. The cyberattack has rendered the company’s website and online ordering systems inaccessible, with employees discovering ransom notes on their devices as the breach was uncovered. Sources indicate that threat actors gained initial access through Ingram Micro’s GlobalProtect VPN platform, prompting the company to advise employees against using the compromised VPN service and directing some staff to work from home as a precautionary measure.
The attack has significantly impacted Ingram Micro’s core business operations, including the AI-powered Xvantage distribution platform and the Impulse license provisioning platform, which are essential for the company’s technology distribution services to resellers and managed service providers globally. Despite the widespread disruption, some internal services including Microsoft 365, Teams, and SharePoint continue to operate normally, allowing basic communications to function. The company has yet to publicly acknowledge the ransomware attack, only issuing internal advisories about ongoing IT issues without disclosing the cybersecurity incident to employees or customers.
The SafePay ransomware group, which emerged in November 2024, has rapidly established itself as one of the more active ransomware operations in 2025, accumulating over 220 victims in less than a year. The group is known for targeting corporate networks through VPN gateways using compromised credentials and password spray attacks, making organizations with inadequate VPN security particularly vulnerable. The attack on Ingram Micro, one of the world’s largest business-to-business technology distributors, demonstrates the growing sophistication and reach of ransomware operations, with potential implications for the broader technology supply chain that depends on the company’s distribution and service capabilities.