Kevin BeaumontJul 4
Ingram Micro have been experiencing some kind of ’technical issue’, including of their corporate and orders website.
Show threadKevin BeaumontJul 4
There’s a Register piece on this now. https://www.theregister.com/2025/07/04/ingram_micro_technical_difficulties/
14-hour+ global blackout at Ingram Micro halts customer orders

Exclusive: Fears mount while distie remains silent and phone lines down

The Register
Show threadKevin BeaumontJul 4
Ingram Micro are now 24 hours into a total outage, which includes their website and all of their internal IT.
Show threadKevin BeaumontJul 4
The only comms they’ve posted is this, phone lines are all down.
Show threadKevin BeaumontJul 4
Ingram Micro sell anti-ransomware products and ransomware incident response training btw.
Show threadKevin BeaumontJul 4

If anybody wonders who Ingram Micro are, they turn over $48 billion a year and have about 20 different business units and brands.

Their network border is dead. Haven’t checked network traffic to see if ransomware yet.

Show threadKevin BeaumontJul 5
Ingram Micro had network traffic from their ASN to a C2 server used by SafePay ransomware group, for the past week. #threatintel #ransomware
Show threadKevin BeaumontJul 5

Bleeping Computer confirms: https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/

#threatintel #ransomware

Ingram Micro outage caused by SafePay ransomware attack

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

BleepingComputer
Show threadKevin BeaumontJul 5

2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”

They’re both a large MSP and MSSP who sell anti-ransomware services.

#threatintel #ransomware

Show threadKevin BeaumontJul 5
There's also several hundred gigabytes of data out of Ingram Micro's network. I suspect they'll have a long running, uhm, maintenance.
Show threadKevin BeaumontJul 6

Three days in, Ingram Micro have updated their website to say they’re having a cybersecurity incident. They’ve also linked their press release, calling it ransomware. https://www.ingrammicro.com/

It’s a smart play as it makes them the owner of the narrative.

Show threadKevin BeaumontJul 7

Ingram Micro have filed an 8-K for ransomware.

Some incredible wordsmithing here - rather than say when the incident began, they say when they issued a press release. Which was days later than when the incident began. I think this is because they missed SEC reporting deadlines.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1897762/000162828025034372/ingm-20250705.htm

#ransomware

Show threadKevin BeaumontJul 29
Ingram Micro are listed on SafePay ransomware group portal. #ransomware
Show threadKevin BeaumontJul 29
Ingram Micro have restored their cybersecurity website, which had been offline, where they sell anti-ransomware services. The content hasn’t been updated for just over 6 years.
Show threadAlan Miller  🇺🇦
@GossiTheDog I do like their "Security Linecard" for product categorization. https://linecards.ingrammicro.com/security/
Security Line Card

Security Line Card - Discover all the security products and services Ingram Micro has to offer.

Jul 30 at 12:57amWeb
×
Show threadKevin BeaumontJul 6

Three days in, Ingram Micro have updated their website to say they’re having a cybersecurity incident. They’ve also linked their press release, calling it ransomware. https://www.ingrammicro.com/

It’s a smart play as it makes them the owner of the narrative.

Show threadKevin BeaumontJul 7

Ingram Micro have filed an 8-K for ransomware.

Some incredible wordsmithing here - rather than say when the incident began, they say when they issued a press release. Which was days later than when the incident began. I think this is because they missed SEC reporting deadlines.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1897762/000162828025034372/ingm-20250705.htm

#ransomware

Show threadKevin BeaumontJul 29
Ingram Micro are listed on SafePay ransomware group portal. #ransomware
Show threadKevin BeaumontJul 29
Ingram Micro have restored their cybersecurity website, which had been offline, where they sell anti-ransomware services. The content hasn’t been updated for just over 6 years.
Show threadSimon ZerafaJul 29

@GossiTheDog

I'm sensing a profound disturbance in the irony field 🙄🤷‍♂️

Show threadDavid Penfold Jul 29
@GossiTheDog An ancient backup?
Show threadWillJul 29
@GossiTheDog big clap
Show threadOSPF110 ☕Jul 29
@GossiTheDog I got informed they was back online on the 14th of July. I assumed with the quick turnaround they'd paid the ransom.
Show thread8tpercentJul 29
@GossiTheDog maybe they used dialup modem to restore that site.....
Show threadAlan Miller  🇺🇦Jul 30
@GossiTheDog I do like their "Security Linecard" for product categorization. https://linecards.ingrammicro.com/security/
Security Line Card

Security Line Card - Discover all the security products and services Ingram Micro has to offer.

Show threadwinterJul 30
@GossiTheDog That's incredible.
Show threadfuzzyfuzzyfungusJul 30
@GossiTheDog My headcanon is that it's a ransomware canary: Just keep serving the oldest file you can; and if it gets replaced by a newer file you are implying that you've lost access to the data without having to say so publicly. For when someone delivers an insecurity letter to your helpdesk or enterprise VPN appliance.
Show threadGeorge Liquor, AmericanJul 7

@GossiTheDog
Item 8.01. Other Events.

On July 5, 2025, Ingram Micro Holding Corporation (the “Company”) issued a press release stating the Company identified ransomware on certain of its internal systems. Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.

A copy of the press release is attached hereto as Exhibit 99.1, noting that the Company is working diligently to restore the affected systems so that it can process and ship orders.
#AltText #Alt4You

Show threadZack WhittakerJul 7
@GossiTheDog live shot of Ingram Micro issuing its press release in the middle of a ransomware attack
Show threadEmoryJul 7
@zackwhittaker @GossiTheDog it's just as glorious as enron's shredder evolution
Show threadvampirdaddyJul 7
@GossiTheDog
German translatio of 8-K
= Ad-Hoc Meldung
https://www.deltavalue.de/form-8-k-sec-filing/
Form 8-K SEC Filing - Definition & Erklärung

Form 8-K Filing (SEC) ✅ Anleitung, Bedeutung & Interpretation ✅ So investierst und handelst du erfolgreich ✅ Jetzt mehr erfahren ➤

DeltaValue.de
Show threadInterpipes 💙Jul 14
@GossiTheDog I didn't see you close the loop here but Ingram say they've been fully operational again since the 9th July (an email just landed in my mailbox promoting https://www.ingrammicro.com/en-us/information )
Show threadgreemJul 6
@GossiTheDog refreshingly honest, in comparison to M&S at least.
Show threadExpertenkommision CyberunfallJul 6

@greem @GossiTheDog

“refreshing honest” would have been wighin the first two hours…

Show threadRay—Golden Retriever Whisperer—🔝InsightsJul 6
@GossiTheDog because you wouldn’t want Palo Alto Networks to take over.