Ingram Micro makes progress on restoring operations following attack

IT service provider Ingram Micro said Monday that it is making progress on restoring its transactional business after a ransomware attack that disrupted its ability to process orders. 

The company operates a digital platform called Ingram Micro Xvantage, which provides insights, order tracking, pricing and personalized recommendations to customers. The company also provides a range of other technology services.

In an update on its website, Ingram Micro said that subscription orders, including renewals and modifications, are available worldwide and are being processed centrally through the company’s support organization.

The company is also able to process orders by phone or email from several countries, including the U.K., Germany, France, Italy, Spain, Brazil, India and China. 

Limitations still exist on hardware and other technology orders, the company said, but it will clarify those as orders are placed. 

The Irvine, Calif.-based company confirmed on Saturday that a disruption last week was the result of a ransomware attack. The company formally reported the attack in a Monday filing with the Securities and Exchange Commission. 

The ransomware gang SafePay has claimed credit for the attack on Ingram Micro. Researchers describe the group as relatively new, having launched in late 2024. Experts say it is most likely a rebrand of older, better-known threat actors. The group uses a modified version of LockBit code dating back to 2022, according to researchers at Halcyon. 

Ingram Micro has not said whether the attack will be considered material to its operations, but it has publicly apologized to customers and vendors for any potential disruptions.