Well, it’s coming off a July 4th weekend, so it should be little surprise there was a ransomware attack going into it.
Ingram Micro has suffered a significant cyber attack attributed to the SafePay ransomware group, which disrupted its systems and affected deliveries across Europe, the United States, and Asia. Since July 5, 2025, the company’s website and online ordering systems have been offline. Employees reported finding ransom notes on their devices, indicating a breach that is believed to have occurred through the company’s GlobalProtect Virtual Private Network platform. The company confirmed the presence of ransomware on certain internal systems and is taking steps to mitigate the impact while conducting an investigation with cybersecurity experts. SafePay claims to have accessed sensitive data, including financial information, intellectual property, and customer records, and has demanded a ransom to ensure data security. This group, which emerged last September, has been highly active, reportedly targeting a variety of sectors, with a focus on healthcare and education. According to analysis from Quorum Cyber, SafePay was rated as the fourth most active ransomware group globally as of March 2025, with 43 confirmed victims listed on its dark web site.
Why do we care?
This story is very tactical. It’s tempting to dismiss this as just another big company ransomware story. Ingram isn’t just “another victim” — it’s one of the largest IT distributors globally. MSPs, VARs, and IT providers depend on its systems to provision hardware, software, and cloud services. Even a few days of disruption to online ordering and logistics creates ripple effects downstream, especially in tightly scheduled projects or warranty replacements.
This isn’t about Ingram; it’s about ecosystem fragility. For IT providers, the real strategic takeaway is the exposure created by dependency concentration. One ransomware hit to a critical supplier can create a bottleneck for your entire stack.
Two questions to ask immediately:
- How resilient is your procurement process if Ingram (or a similar distributor) stays offline for a week?
- Have you validated your vendor’s incident response and communicated alternative sourcing plans to clients?
On the security side, revisit VPN reliance. For your clients and your own operations, the attack vector here reinforces that Zero Trust Network Access (ZTNA) or secured remote access solutions are no longer “nice to have” for MSPs—they’re baseline hygiene.