Ingram Micro Recovers from Ransomware Attack, Restores Operations

Ingram Micro Ransomware Attack

Ingram Micro reported a ransomware incident on July 4 that targeted its internal systems. The company took affected systems offline immediately after discovering the ransomware. Ingram Micro stated, “The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.” The company is working to restore operations while apologizing for disruptions experienced by customers and vendor partners.

Ingram Micro reported $48 billion in sales last fiscal year, operating as a key connector between organizations and technology manufacturers. The attack was noted to be linked to the SafePay ransomware gang, which has been responsible for multiple attacks, including on other organizations such as government contractor Conduent.

Further details from cybersecurity expert Rebecca Moody indicate that SafePay has conducted 238 attacks, averaging 111 GB of stolen data per incident.

Links:

• Ingram Micro Statement on Cybersecurity Incident
• Ingram Micro Financial Results
• BleepingComputer Report on SafePay Attack

Progress on Restoring Operations

As of July 5, Ingram Micro announced it could again process and ship orders electronically across all business regions following the ransomware attack. The company confirmed that its systems were remediated with the help of third-party cybersecurity vendors, and partners could place orders via email and phone.

Ingram Micro's update emphasized that their teams were making progress in restoring functionalities, stating, “We believe the unauthorized access to our systems in connection with the incident is contained and the affected systems remediated.” The company has faced criticism from partners for the time taken to restore operations, and many had to source products from other distributors.

Links:

• Ingram Micro Status Page
• CRN Analysis of Ransomware Communication
• BleepingComputer Coverage of Incident

Operational Challenges and Updates

Ingram Micro is working on restoring its transactional business, which was disrupted by the ransomware attack linked to SafePay. The company operates a digital platform called Ingram Micro Xvantage, which includes order tracking and personalized recommendations. While subscription orders are being processed, limitations still exist for hardware and technology orders.

The company has communicated ongoing updates about the status of its operations and confirmed that it filed with the Securities and Exchange Commission regarding the incident.

Links:

• Ingram Micro Information Page
• Securities and Exchange Commission Filing
• Halcyon Research on SafePay

Erie Insurance Network Outage Recovery

Erie Insurance has restored full business operations following a month-long network outage. The company confirmed that there is “no evidence” of any data breach during this incident. The insurer stated, “Key services and systems have been safely and securely restored,” and local agents and customer care teams are back to serving customers.

The network outage initiated by Erie was aimed at containing a potential threat. The company previously faced two class-action lawsuits alleging a ransomware group accessed their network, but their recent announcement indicated no such breaches occurred.

Links:

• Insurance Journal on Erie Class Action Lawsuits
• Philadelphia Insurance Update on Network Outage
• Google Threat Intelligence Group on Cybersecurity Trends

Explore our services or contact us for more information. For inquiries, please visit our website.