‘This is our worst nightmare come true,’ says the CEO for an SP500 company who did not want to be identified. ‘If we can’t place orders or get quotes, it stops our business. We are extremely concerned that this could last for some time and have reached out to Ingram.’
Distribution behemoth Ingram Micro has been hit with a ransomware attack associated with the SafePay ransomware organization, according to a report from Bleeping Computer.
Ingram Micro’s website and online ordering systems have been down since Thursday, according to Bleeping Computer. Among systems impacted are Ingram’s highly touted AI-powered Xvantage platform and the Impulse license provisioning platform, according to Bleeping Computer.
CRN reached out to Ingram Micro for comment but had not heard back at press time.
Partners told CRN they are “extremely concerned” that the ransomware attack could linger for some time and are making plans for alternative sources for products if the situation is not resolved quickly.
“This is our worst nightmare come true,” said the CEO for an SP500 company, who has reached out to Ingram Micro and has not heard back on the extent of the outage. “If we can’t place orders or get quotes it stops our business. We are extremely concerned that this could last for some time and have reached out to Ingram. The lack of communication from them heightens our concern. We are thinking about options right now and have reached out to TD Synnex for help to process orders if this goes on for an extended period of time.”
Visitors to Ingram Micro’s website are greeted with the message: “Maintenance: We are currently experiencing technical difficulties. We apologize for the inconvenience and are working to resolve the issue as quickly as possible. If you have any questions please contact us.” The maintenance message refers visitors to phone numbers for the corporate offices in the east and the west.
Several partners said the lack of communication from Ingram has them deeply worried that the situation could go on for some time
The CEO for the SP500 company said the ransomware attack could not have come at a worse time given the 30-day drive to close out the month of July strong with the end of quarter for OEM partners Dell, HPE and Cisco.
“This is bad for OEMs, partners and clearly Ingram,” said the CEO. “It could be hugely challenging. Since this is a holiday weekend we haven’t placed orders for the last few days. That means the orders will be stacked up starting next week with customers expecting order confirmations and shipping dates. If Ingram can’t provide that it is going to be a significant challenge. We are looking into this now as we speak.”
The CEO for a top Ingram Micro partner, who did not want to be identified, said he fears the ransomware attack could cause shipment delays for some time.
“What concerns me most is that we haven’t had any communication from Ingram Micro,” he said. “I fear this outage could linger and cause shipment delays what would impact us and our customers. The fact that it is the July 4 weekend gives Ingram a few days to deal with this before we start looking for orders and shipments next week. They need to get this up and running as soon as possible. We’ll evaluate our options once we get a response from Ingram regarding our orders and shipments that will go out next week. We haven’t heard anything from Ingram. As customers we need to know what is going on. This leads us to assume that there are bigger issues. That is what is most disturbing.”
The CEO for another SP500 company who did not want to be identified, said he is also concerned that the outage could last for some time given that Ingram Micro has not communicated with partners.
“Our hearts go out to Ingram Micro, its employees, its vendors and its customers,” said the CEO. “I don’t know anything at this point. It follows the same pattern as others that have been breached. It looks like they are not communicating and have gone into shutdown mode. Whatever is going on obviously is not good. At this point it is nice that we do not have all our eggs in one basket. If this does go on for some time, we have alternatives to procure what we need from TD Synnex or D&H. We only hope that Ingram gets to the bottom of this and it ends soon.”
The CEO said it is critical that Ingram communicates to partners the extent of the outage. “I am sure Ingram will communicate soon what is going on,” he said. “Going dark hurts you. You have to communicate and let people know what is going on and you are working on it. That is all you have to do. They don’t expect immediate answers but they want to be communicated with on a regular basis. To remain silent is not healthy.”
The CEO said that ransomware attacks and cybersecurity breaches have become a fact of life. “This shows how vulnerable everybody is today,” he said. “It doesn’t matter whether you are a small business, a medium-sized company or a Fortune 100 company. The bad guys are coming for you and with AI they have a much easier task of getting at companies than they did before. There are certain things you can do to fight them off. You do everything you can but sometimes it is not enough.”
Bleeping Computer reported that sources told the news outlet the threat actors breached Ingram through its GlobalProtect VPN platform.
Furthermore, Bleeping Computer reported that Ingram Micro shut down internal systems, telling employees not to use the company’s GlobalProtect VPN access, which was said to be impacted by the IT outage.
Bob Venero, CEO of Fort Lauderdale, Fla.-based Future Tech Enterprise, No. 81 on the CRN’s 2025 , said he is sure there is a good reason Ingram Micro has not communicated with partners on the cause of the outage whether it is “internally or externally” focused.
“It couldn’t happen on a better weekend from a U.S. perspective based on the fact that it is a holiday and a lot of companies are shut down,” said Venero. “Ingram Micro has that going for them. Hopefully they will be able to resolve this before business operations continue on Monday. I have complete faith that (Ingram Micro CEO) Paul Bay will get this resolved and communicate the results to the partner community.”
Additional reporting by C.J. Fairfield.
