Ingram Micro is gradually reactivating customer ordering after containing its ransomware attack. The IT distributor says affected systems have been remediated, but customers report lengthy support queues and poor communication continue to hamper business operations.
Sources speaking to The Register report that Ingram Micro has failed to communicate directly with customers throughout the crisis. Many only discovered where to find status updates after being directed to the company’s status page.
Customers describe support as patchy, with telephone queues so lengthy that some abandoned attempts to increase client license counts. Email attempts receive only automated responses citing ongoing disruption. “The lack of communication is poor,” one customer said. “I get they might not want to reveal all, but some communication and reassurance would be appreciated.”
Deep impact, gradual reboot
Three days after pulling systems offline, Ingram Micro confirmed Tuesday that it believes the unauthorized access has been contained. The company has implemented additional safeguards and monitoring measures as it brings systems back online.
Global availability of subscription orders, renewals, and modifications is now in place through its Unified Support organization. New orders can be placed via phone and email in select countries including the UK, US, Germany, France, Italy, Spain, Austria, Canada, Singapore, the Nordics, Brazil, India, and China.
However, hardware and other technology orders remain limited. The company said these restrictions will be communicated as customer orders are placed.
SafePay group claims responsibility
The attack was attributed to the SafePay ransomware group, which claimed responsibility over the weekend. The group emerged as a major threat in recent months, accounting for 70 attacks in May 2025 alone.
According to SafePay’s ransom note, the company had seven days from receipt to pay extortion demands or risk having its data posted online. The group allegedly infiltrated Ingram’s network through its GlobalProtect VPN platform, though Palo Alto Networks determined this claim was false. We therefore still don’t know the ins and outs based on the attackers’ claims.
Broader security implications
Managed Service Providers reported being unable to serve customers due to lack of access to necessary systems, including software licensing and hardware ordering platforms. The outage affected both routine operations and critical backup license management.
While Ingram Micro says current practices would prevent such attacks today, the incident shows how much of a compounding effect a single compromise can have. The company has yet to release details about potential data impact from the attack.
This continues to be a rather disappointing trend. Earlier this week, retailer Marks & Spencer reported on its attack without discussing whether or not it had paid the ransom demanded by its cyberattackers. Due to obfuscations such as these, other organizations aren’t learning as much as they can from victims. Then again, this may well all be due to legal advice inside affected firms.
Also read: What the Marks & Spencer cyberattack can teach retailers