Kevin BeaumontIngram Micro have been experiencing some kind of ’technical issue’, including of their corporate and orders website.
There’s a Register piece on this now. https://www.theregister.com/2025/07/04/ingram_micro_technical_difficulties/
Ingram Micro are now 24 hours into a total outage, which includes their website and all of their internal IT.
Ingram Micro sell anti-ransomware products and ransomware incident response training btw.
If anybody wonders who Ingram Micro are, they turn over $48 billion a year and have about 20 different business units and brands.
Their network border is dead. Haven’t checked network traffic to see if ransomware yet.
Ingram Micro had network traffic from their ASN to a C2 server used by SafePay ransomware group, for the past week. #threatintel #ransomware
Bleeping Computer confirms: https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/
2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”
They’re both a large MSP and MSSP who sell anti-ransomware services.
There's also several hundred gigabytes of data out of Ingram Micro's network. I suspect they'll have a long running, uhm, maintenance.
Three days in, Ingram Micro have updated their website to say they’re having a cybersecurity incident. They’ve also linked their press release, calling it ransomware. https://www.ingrammicro.com/
It’s a smart play as it makes them the owner of the narrative.
Ingram Micro have filed an 8-K for ransomware.
Some incredible wordsmithing here - rather than say when the incident began, they say when they issued a press release. Which was days later than when the incident began. I think this is because they missed SEC reporting deadlines.
https://www.sec.gov/ix?doc=/Archives/edgar/data/1897762/000162828025034372/ingm-20250705.htm
Ingram Micro have restored their cybersecurity website, which had been offline, where they sell anti-ransomware services. The content hasn’t been updated for just over 6 years.
Simon ZerafaI'm sensing a profound disturbance in the irony field 🙄🤷♂️
David Penfold 
@GossiTheDog An ancient backup?
Will@GossiTheDog big clap
OSPF110 ☕@GossiTheDog I got informed they was back online on the 14th of July. I assumed with the quick turnaround they'd paid the ransom.
8tpercent@GossiTheDog maybe they used dialup modem to restore that site.....
Alan Miller 
🇺🇦@GossiTheDog I do like their "Security Linecard" for product categorization. https://linecards.ingrammicro.com/security/
winter@GossiTheDog That's incredible.
@GossiTheDog My headcanon is that it's a ransomware canary: Just keep serving the oldest file you can; and if it gets replaced by a newer file you are implying that you've lost access to the data without having to say so publicly. For when someone delivers an insecurity letter to your helpdesk or enterprise VPN appliance.
George Liquor, American@GossiTheDog
Item 8.01. Other Events.
On July 5, 2025, Ingram Micro Holding Corporation (the “Company”) issued a press release stating the Company identified ransomware on certain of its internal systems. Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.
A copy of the press release is attached hereto as Exhibit 99.1, noting that the Company is working diligently to restore the affected systems so that it can process and ship orders.
#AltText #Alt4You
Zack Whittaker@GossiTheDog live shot of Ingram Micro issuing its press release in the middle of a ransomware attack
Emory@zackwhittaker @GossiTheDog it's just as glorious as enron's shredder evolution
vampirdaddy@GossiTheDog
German translatio of 8-K
= Ad-Hoc Meldung
https://www.deltavalue.de/form-8-k-sec-filing/
German translatio of 8-K
= Ad-Hoc Meldung
https://www.deltavalue.de/form-8-k-sec-filing/
Interpipes 💙@GossiTheDog I didn't see you close the loop here but Ingram say they've been fully operational again since the 9th July (an email just landed in my mailbox promoting https://www.ingrammicro.com/en-us/information )
greem@GossiTheDog refreshingly honest, in comparison to M&S at least.
Expertenkommision Cyberunfall“refreshing honest” would have been wighin the first two hours…
Ray—Golden Retriever Whisperer—🔝Insights@GossiTheDog because you wouldn’t want Palo Alto Networks to take over.
Hugo Mills@GossiTheDog Is this one of those irregular verbs? I am maintaining / you are restoring / she is pwned.
PhreakByte@GossiTheDog Tabletop Exercise? 😁
Brian Clark@GossiTheDog their main line of business is as a distributor of IT equipment. Lots of smaller IT equipment resellers depend on Ingram Micro to fulfill their orders as Ingram does the warehousing and shipping of the products for them. One example: they are one of Cisco’s largest distributors. Same for thousands of computer accessory makers like Logitech, Belkin, etc.
RootWyrm 🇺🇦
@deepthoughts10 @GossiTheDog this is a fundamental misunderstanding.
Ingram Micro is a *TIER 1*. There are only three of them; IM, TD Synnex, and AVNET. They do not do business with 'small.' I just happen to be a grandfathered customer in good standing from the 90's.
All the low tier MSPs are dealing with an entirely different arm. The minimums for a REAL customer is an insurable LoC of at least $10M last I looked.
@rootwyrm @GossiTheDog so I should have clarified what I meant by small. Some would call $10 million small, others would say medium. Regardless, there are thousands of resellers who rely on Ingram who will be hurting come Monday.
@GossiTheDog and iirc it's not possible to eject a reseller partner (even one that isn't currently placing licences in your tenant) from your MS365 tenant, either - the reseller has to delete the relationship (or maybe, if you can figure out a way to contact them, MS can do it for you).
Can't reseller partners create new global admins to do tenant recovery even if they have no role assigned?
Martin Boller 
@GossiTheDog So that became the baseline..
Cameron@GossiTheDog Worth remembering that Ingram hold highly privileged roles in every 365 tenant they resell to - they can create and manage tenant Global Administrators.
Jeffrey@root @GossiTheDog do want to give the nuance that their ‘regular’ tenant (ingrammicro.com) does not have access to the customer tenants. The GDAP relation is with their MSP tenant (msp.ingrammicro.com).
Not that it matters much if they have access to workstations and idp’s 🤷
@jtig @root @GossiTheDog I'm curious if MS has a thought out trigger condition for 'his methods have become unsound' and just nuking all the GDAP relationships. Probably not something they'd prefer to do, loud, scary, really underscores supply chain risk; but also something where the alternative is potentially a lot worse.
Logan Land@GossiTheDog That doesn’t look good… A ~50 Billion company seemingly hit with ransomware and goes radio silent. www.theregister.com/2025/07/0…
One of many Tims@GossiTheDog Where did you get this information without access to their network or ISP?
@GossiTheDog like, they're not announcing routes?
bashtoni@GossiTheDog One of those business units is AWS resale. Potentially there could be tens or hundreds of thousands of their customer's AWS accounts compromised as part of this - my understanding is that Ingram have full admin privileges to their resale customers accounts.
Many AWS partners use Ingram Micro to provide white label resale, so companies won't necessarily be aware they are affected because they don't deal with them directly.
AnneH
John "Gozzy" Godsland@bashtoni @GossiTheDog Same with Azure. My former employer used an MSP who used Ingram as the reseller. Could be very nasty if even a fraction of those accounts were compromised.
Joel Michael@GossiTheDog pretty much every computer part in your local computer store is distributed through Ingram Micro
JP@jpm @GossiTheDog not anymore
@GossiTheDog reminiscent of the old meme:
- my friend just finished writing his book "how to earn big money", now we just need to get the funds to print
- he should read his book then
- my friend just finished writing his book "how to earn big money", now we just need to get the funds to print
- he should read his book then
@GossiTheDog pretty sure I know of some folks very much nit having a 'Happy Independence Day!'