Ingram Micro, a global distributor of information technology products and services, has confirmed that a cyberattack forced it to shut down part of its infrastructure.
In a statement published on its website, the firm said it has taken “steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures.”
It added that it has launched an investigation with the support of cybersecurity experts and notified law enforcement.
The ransomware attack has left customers unable to place orders on its site since Thursday last week.
“Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the company apologises for any disruption this issue is causing its customers, vendor partners and others.”
Ingram Micro claims to be able to reach nearly 90% of the population with its products and services. It provides enterprises with IT hardware and software and works with some of the biggest technology vendors in the world.
The attack has been claimed by the SafePay ransomware group, according to Bleeping Computer, which reported that the group is believed to have breached the firm via its GlobalProtect virtual private network (VPN) platform.
“Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you,” the group said in a ransom note seen by the publication.
The ransomware gang claims to have accessed data including financial information, intellectual property, accounting records, personal and customer files, bank details, transactions, and information related to lawsuits and complaints – though this has not been confirmed by Ingram Micro.
“We are suggesting a mutually beneficial solution to the issue. You submit a contact request and we keep the fact that your network has been compromised a secret, delete all your data and provide you with the key to decrypt all your data,” it added.
It concluded by saying it is purely financially motivated: “Provided you pay, we will honour all the terms we agreed to during the negotiation process.”
Erich Kron, security awareness advocate at KnowBe4, noted that the attack date of 3rd July, the day before US Independence Day, is no coincidence: “Many times, attackers will delay the attack until a holiday, because they know that response times are going to be slower as employees are away celebrating or travelling.”
“This is a common tactic and should be considered around holidays,” Kron added. “There is a good chance the attackers have been in the network and laying low for days or weeks already.”
According to analysis from Cyble, the group targets a wide range of sectors, focusing mainly on healthcare and education, with other victims in government, finance, and IT.