Global activities of Ingram Micro resumed after a successful hack recovery
Ingram Micro, a leading global technology firm, has announced that it has restored operations to all parts of the globe where it does business, following a ransomware attack by the cybercrime group SafePay. The attack, which occurred on Saturday, disrupted the company's ability to process orders, causing a significant impact on its business operations in the U.S., Europe, and Asia.
SafePay, a relatively new ransomware group, has been linked to over 200 victims, according to researchers at Acronis. The group is believed to have spun out of LockBit and has been highly active, with a significant number of attacks attributed to them. They have breached companies by exploiting internet-exposed Remote Desktop Protocol (RDP) and targeted VPNs.
In a ransom note, SafePay claimed responsibility for the attack, stating that Ingram Micro's security mistakes allowed them prolonged access to the network. The group demanded payment within seven days, stating that financial gain was their sole motive.
Ingram Micro is investigating the attack with outside forensic experts and has not disclosed how the attackers gained initial access. The company has restored its website but is still assessing the full impact. The investigation into the impact of the incident on Ingram Micro is ongoing.
The company's systems were taken offline to mitigate the attack, and it has begun restoring operations. However, the financial impact remains undisclosed. Ingram Micro is also working with third-party forensic experts on the investigation and is collaborating with law enforcement.
It is unclear how much data SafePay stole during the attack. Ingram Micro operates a digital platform called Ingram Micro Xvantage and is based in Irvine, California. The company has confirmed the ransomware attack and filed an incident disclosure with the Securities and Exchange Commission on Monday.
Ingram Micro is working with customer and vendor partners to support them following the disruption. The company has not provided specific information about the number of customers affected by the hack or the amount of data stolen during the attack. However, it has assured its partners that it is committed to transparency and will provide updates as more information becomes available.
SafePay, notorious for its aggressive ransomware activities, has been active in breaching companies by exploiting internet-exposed Remote Desktop Protocol (RDP) and targeted VPNs, as seen in the recent attack on Ingram Micro. The group, which emerged from LockBit, has been linked to over 200 victims, and in a ransom note, they claimed that Ingram Micro's cybersecurity lapses allowed them prolonged access to the network, demanding payment within seven days, prioritizing monetary gain.
