Ingram Micro back online following cyber incident, claims incident is “contained”

Distributor assures customers it has implemented additional safeguards.

Ingram Micro has “contained” the unauthorised access to their systems and their website is back online following the ransomware attack that was reported over the recent weekend.

In a statement, the distributor said it has been “working diligently” with leading third-party cyber experts to investigate and remediate the cyber incident.

In a recent statement, Ingram Micro said based on these measures and the assistance of third-party cybersecurity experts, they believe the unauthorised access to their systems in connection with the incident is contained and the affected systems remediated.

“Our investigation into the scope of the incident and affected data is ongoing,” they said.

“Our team has been working around the clock on this matter to restore affected systems. We have implemented additional safeguards and monitoring measures to protect our network environment as we bring our systems back online.”

To counteract the attack, the company took several measures, including taking systems offline.

On July 5, US time, Bleeping Computer reported the company had been hit with a ransomware attack associated with the SafePay ransomware organisation.

Among systems that were impacted included Ingram’s highly touted AI-powered Xvantage platform and the Impulse license provisioning platform.

In an email to its customers, Hope McGarry, executive managing director at Ingram Micro Australia said, “We are were working diligently to restore the affected systems so that we can process and ship orders, and we apologise for any disruption this issue may have caused your business.

“While our investigation continues, we are focused on bringing normal order processing capabilities back online for our customers. At the same time, our team is working diligently to restore the affected systems.”

The group behind the attack, SafePay is a “newly emerging threat group” that has only been active since November 2024.

Despite its status as a newcomer, SafePay was the most-active ransomware group in May 2025, according to the NCC Group research.

Ingram Micro’s website and online ordering systems were down since Thursday.