BleepingComputer reports that major global tech distributor and service provider Ingram Micro has confirmed that outages it has been experiencing since Thursday morning have stemmed from a SafePay ransomware intrusion that impacted some of its internal systems.
Investigation into the incident alongside third-party cybersecurity experts and law enforcement is already underway, according to Ingram Micro, which has also adopted mitigation measures as it continues to work on restoring affected systems. Ingram Micro's disclosure comes after its employees' devices were reported to have been injected with ransom notes linked to the SafePay ransomware operation. Aside from compromising employee devices, SafePay which is believed to have targeted Ingram Micro's GlobalProtect VPN platform for initial access was able to infiltrate the organization's Impulse license provisioning platform and Xvantage distribution platform. Operations of Ingram Micro's other internal services were not impacted. More than 220 organizations have already been infected by the SafePay ransomware gang since its emergence in November.
Investigation into the incident alongside third-party cybersecurity experts and law enforcement is already underway, according to Ingram Micro, which has also adopted mitigation measures as it continues to work on restoring affected systems. Ingram Micro's disclosure comes after its employees' devices were reported to have been injected with ransom notes linked to the SafePay ransomware operation. Aside from compromising employee devices, SafePay which is believed to have targeted Ingram Micro's GlobalProtect VPN platform for initial access was able to infiltrate the organization's Impulse license provisioning platform and Xvantage distribution platform. Operations of Ingram Micro's other internal services were not impacted. More than 220 organizations have already been infected by the SafePay ransomware gang since its emergence in November.
