Ingram Micro have been experiencing some kind of ‘technical issue’, including their corporate and orders website.

14-hour+ global blackout at Ingram Micro halts customer orders

Exclusive: Fears mount while distie remains silent and phone lines down

The Register

Ingram Micro are now 24 hours into a total outage, which includes their website and all of their internal IT.
The only comms they’ve posted is this, phone lines are all down.
Ingram Micro sell anti-ransomware products and ransomware incident response training btw.

If anybody wonders who Ingram Micro are, they turn over $48 billion a year and have about 20 different business units and brands.

Their network border is dead. Haven’t checked network traffic to see if ransomware yet.

Ingram Micro had network traffic from their ASN to a C2 server used by SafePay ransomware group, for the past week. #threatintel #ransomware

Ingram Micro outage caused by SafePay ransomware attack

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

BleepingComputer

2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”

They’re both a large MSP and MSSP who sell anti-ransomware services.

#threatintel #ransomware

There's also several hundred gigabytes of data out of Ingram Micro's network. I suspect they'll have a long running, uhm, maintenance.

Three days in, Ingram Micro have updated their website to say they’re having a cybersecurity incident. They’ve also linked their press release, calling it ransomware. https://www.ingrammicro.com/

It’s a smart play as it makes them the owner of the narrative.

@GossiTheDog refreshingly honest, in comparison to M&S at least.

@greem @GossiTheDog

“refreshingly honest” would have been within the first two hours…

@GossiTheDog because you wouldn’t want Palo Alto Networks to take over.
@GossiTheDog how/where do you observe global network flow like this, fwiw?
@GossiTheDog Is this one of those irregular verbs? I am maintaining / you are restoring / she is pwned.
@GossiTheDog Whenever you exfiltrate that much from across an enterprise, there are bound to be tons of technical docs on network layout and control and some spreadsheet somewhere where some dufus is writing down passwords. They'll be playing whack-a-mole with these same guys forever unless they rebuild their network from scratch with all new credentials.
@GossiTheDog They need to un-event the Event.
@GossiTheDog Tabletop Exercise? 😁
@GossiTheDog their main line of business is as a distributor of IT equipment. Lots of smaller IT equipment resellers depend on Ingram Micro to fulfill their orders as Ingram does the warehousing and shipping of the products for them. One example: they are one of Cisco’s largest distributors. Same for thousands of computer accessory makers like Logitech, Belkin, etc.

@deepthoughts10 @GossiTheDog this is a fundamental misunderstanding.

Ingram Micro is a *TIER 1*. There are only three of them; IM, TD Synnex, and AVNET. They do not do business with 'small.' I just happen to be a grandfathered customer in good standing from the 90's.

All the low tier MSPs are dealing with an entirely different arm. The minimum for a REAL customer is an insurable LoC of at least $10M last I looked.

@rootwyrm @GossiTheDog so I should have clarified what I meant by small. Some would call $10 million small, others would say medium. Regardless, there are thousands of resellers who rely on Ingram who will be hurting come Monday.

@GossiTheDog and iirc it's not possible to eject a reseller partner (even one that isn't currently placing licences in your tenant) from your MS365 tenant, either - the reseller has to delete the relationship (or maybe, if you can figure out a way to contact them, MS can do it for you).

Can't reseller partners create new global admins to do tenant recovery even if they have no role assigned?