Kevin BeaumontJul 4
Ingram Micro have been experiencing some kind of ’technical issue’, including of their corporate and orders website.
Show threadKevin BeaumontJul 4
There’s a Register piece on this now. https://www.theregister.com/2025/07/04/ingram_micro_technical_difficulties/
14-hour+ global blackout at Ingram Micro halts customer orders

Exclusive: Fears mount while distie remains silent and phone lines down

The Register
Show threadKevin BeaumontJul 4
Ingram Micro are now 24 hours into a total outage, which includes their website and all of their internal IT.
Show threadKevin BeaumontJul 4
The only comms they’ve posted is this, phone lines are all down.
Show threadKevin BeaumontJul 4
Ingram Micro sell anti-ransomware products and ransomware incident response training btw.
Show threadKevin BeaumontJul 4

If anybody wonders who Ingram Micro are, they turn over $48 billion a year and have about 20 different business units and brands.

Their network border is dead. Haven’t checked network traffic to see if ransomware yet.

Show threadKevin BeaumontJul 5
Ingram Micro had network traffic from their ASN to a C2 server used by SafePay ransomware group, for the past week. #threatintel #ransomware
Show threadKevin BeaumontJul 5

Bleeping Computer confirms: https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/

#threatintel #ransomware

Ingram Micro outage caused by SafePay ransomware attack

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

BleepingComputer
Show threadKevin BeaumontJul 5

2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”

They’re both a large MSP and MSSP who sell anti-ransomware services.

#threatintel #ransomware

Show threadKevin BeaumontJul 5
There's also several hundred gigabytes of data out of Ingram Micro's network. I suspect they'll have a long running, uhm, maintenance.
Show threadKevin BeaumontJul 6

Three days in, Ingram Micro have updated their website to say they’re having a cybersecurity incident. They’ve also linked their press release, calling it ransomware. https://www.ingrammicro.com/

It’s a smart play as it makes them the owner of the narrative.

Show threadKevin BeaumontJul 7

Ingram Micro have filed an 8-K for ransomware.

Some incredible wordsmithing here - rather than say when the incident began, they say when they issued a press release. Which was days later than when the incident began. I think this is because they missed SEC reporting deadlines.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1897762/000162828025034372/ingm-20250705.htm

#ransomware

Show threadZack Whittaker
@GossiTheDog live shot of Ingram Micro issuing its press release in the middle of a ransomware attack
Jul 7 at 3:40pmWeb
Show threadEmoryJul 7
@zackwhittaker @GossiTheDog it's just as glorious as enron's shredder evolution