The VPN was not ‘the source of the vulnerability or impacted’ in the ransomware attack against distribution giant Ingram Micro, Palo Alto Networks says.
Reports connecting the GlobalProtect VPN system to the ransomware attack against IT distribution giant Ingram Micro are “false,” according to cybersecurity vendor Palo Alto Networks.
Following media reports on July 4 indicating that Ingram Micro was experiencing an outage, the company confirmed that it had been impacted by a ransomware attack and has been working on restoring its systems.
In a statement provided to CRN Tuesday evening, Palo Alto Networks said that the reports “claiming our GlobalProtect VPN was the source of the Ingram Micro cybersecurity incident are false.”
“We can confirm that none of our products were either the source of the vulnerability or impacted by the breach,” Palo Alto Networks said in the statement.
Ingram Micro has been affected by a ransomware attack associated with the cybercriminal group known as SafePay, according to BleepingComputer, which reported that the distributor’s ordering systems have been down since Thursday.
In a series of statements posted online Tuesday, Ingram Micro disclosed further details on its response to the incident and the progress on restoration.
The distributor noted that it “proactively chose to take certain systems offline as part of our mitigation efforts, processes, and protocols associated with this cybersecurity incident.”
Ingram Micro also said that, following remediation efforts carried out with help of third-party experts, it is believed that “unauthorized access to our systems in connection with the incident is contained and the affected systems remediated.”
“Our investigation into the scope of the incident and affected data is ongoing,” the company said.
Additionally, the company said that the U.S. is now among the countries where partners and customers can place orders over the phone or email. “Some limitations may exist which will be clarified as orders are placed,” Ingram Micro said in the statement.
On Monday, Ingram Micro had said it was making “important progress” on restoring its transactional business after the ransomware attack that impacted its systems over the July 4 weekend.
