Ingram Micro responds to ransomware incident impacting internal systems


Techday NZ, 08-07-2025
Ingram Micro has confirmed a ransomware attack targeting its internal systems, leading to operational disruption and an ongoing effort to restore affected services. The global technology distributor issued a statement acknowledging the incident and outlining steps taken to secure its environment and mitigate potential damage.
"Ingram Micro recently identified ransomware on certain of its internal systems," the company said in a statement issued on 5 July. "Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement."
The company is currently focused on restoring affected systems and minimising disruption to business operations. "Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologises for any disruption this issue is causing its customers, vendor partners, and others," the statement read.
Expert voices warn on supply chain risks
Industry experts have highlighted the growing risks associated with third-party access in the wake of the attack. Gareth Roberts, Head of Delivery at tmc3, a Qodea company, said: "It is crucial to remember that organisations are only as secure as their weakest link. Therefore, assessing the security practices of third-party suppliers and ensuring that data protection standards are being upheld is vital to a company's security posture."
Roberts underscored the importance of communication and transparency throughout the supply chain, noting that technical safeguards also play a key role in preventing such incidents. "To further protect information, businesses can implement specific technical measures such as strong encryption for data both in transit and at rest, which makes it unreadable to unauthorised users. Additionally, enforcing access controls and multi-factor authentication (MFA) helps ensure that sensitive data is only accessible to those who require it," he advised.
Alleged threat actor and industry context
The ransomware incident at Ingram Micro has reportedly been linked to a group known as SafePay, which allegedly accessed the company's systems via a compromised virtual private network (VPN). Jim Routh, Chief Trust Officer at Saviynt, commented: "The attack on Ingram Micro allegedly by SafePay is another example of the preference for threat actors to use compromised credentials to penetrate proprietary systems, in this case, gaining access to the virtual private network of Ingram Micro. Enterprises have an opportunity to improve their identity security capabilities to resist these types of attacks in the future."
Chris Hauk, Consumer Privacy Champion at Pixel Privacy, provided further context regarding the threat landscape. "With the toppling of LockBit and ALPHV, this has opened up 'opportunities' for upstart ransomware groups like SafePay. The group first gained fame with an early high-profile SafePay ransomware attack on UK telematics business Microlise, with SafePay claiming to have stolen 1.2 terabytes of data and demanding payment in less than 24 hours. However, little remains known about the group," Hauk noted.
Hauk added: "The reports I've seen indicate the group moves quickly, with fast encryption times, seeing attacks typically move from system breach to deployment in less than 24 hours."
He emphasised that organisations can protect against similar threats by implementing a series of robust security measures. "Organisations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication, monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access," Hauk said.
Ongoing investigation and mitigation efforts
Ingram Micro's statement did not specify the extent of the disruption or when full system restoration is expected. The company has engaged leading cybersecurity experts to support its investigation and has notified relevant law enforcement authorities. The company also apologised for any inconvenience experienced by its customers and partners as a result of the incident.
As the investigation continues, Ingram Micro's experience underscores the persistent threat posed by ransomware and highlights the critical importance of vigilance, secure access management, and strong supply chain security practices within the IT sector.

Related Articles

Emerging cyber threats for 2025 target healthcare & industry

Techday NZ, 8 hours ago

New research from Secureframe has identified the five most significant emerging cyber threats for 2025, focusing on the risks posed to critical sectors including healthcare, infrastructure, and small and medium-sized businesses. The report by Secureframe analyses recent high-profile breaches along with global threat trends and highlights an environment increasingly shaped by AI-driven attacks, organised cybercrime groups, and the rapid exploitation of newly discovered vulnerabilities.
Rising threats across sectors
Findings within the report indicate ransomware attacks on industrial operators grew by 46% in the first quarter of 2025 alone. Healthcare breach costs have reached an average of USD $5.3 million per incident, marking a 25% increase above the next closest industry. AI-driven criminal tools are enabling the widespread use of advanced phishing schemes, deepfakes, and malware that adapts to targets in real-time. Supply chain vulnerabilities are also being targeted more frequently by cybercriminals, with third-party vendor breaches now a primary vector for large-scale attacks. One cited example was the collapse of the 158-year-old KNP Logistics due to a ransomware incident, underscoring the real-world impact on businesses of all sizes.
Organised cybercrime syndicates
The report lists organised criminal networks as the number one threat, noting that these groups are expanding their activities through tools such as automation and ransomware-as-a-service platforms. LockBit is highlighted as an active player despite international efforts to dismantle such organisations, while new groups, including Interlock, are emerging to mimic these operations.
AI-powered attacks
Attackers are leveraging generative AI to craft realistic phishing lures, create deepfakes, and generate malware that adapts in real-time. In one case, AI-generated content helped defraud over 500,000 investors in the JuicyFields scam. Such developments signify a shift in the sophistication of cyber threats, demanding equally advanced detection and response capabilities.
Advanced persistent threats
Nation-state actors are intensifying long-term, covert attacks primarily targeting energy providers and defence contractors. Groups such as APT33 and APT39 were particularly active across North America and Europe in 2025, with campaigns designed to evade traditional security measures for months at a time.
Zero-day vulnerabilities
The research outlines that previously unknown and unpatched weaknesses are being exploited at a record pace. An example in 2025 was a critical flaw in Microsoft SharePoint (CVE-2025-53770) which was actively targeted globally before vendors released a remedy.
Software supply chain attacks
Third-party software platforms are being leveraged as a point of entry for cyberattacks against broader enterprise ecosystems. Secureframe notes that attacks involving compromised SAP SuccessFactors providers resulted in breaches extending into sectors from healthcare to consumer goods.
Industry-specific warnings
The healthcare sector is seen as especially vulnerable. The report states: "With 92% of organizations reporting attacks in 2024, the sector must prioritize HIPAA-compliant training and secure offline backups." Critical infrastructure operators in the defence and energy fields are advised to implement the NIST 800-172 and CMMC 2.0 frameworks to respond to escalating threats from nation-state actors. Financial services continue to face risks associated with investment fraud and business email compromise, prompted by increasingly refined social engineering attacks.
Mitigation strategies
Secureframe's report includes a recommended 10-step cybersecurity playbook designed to align with NIST CSF 2.0 and ISO 27001 standards. Suggested actions consist of emergency patching, multi-factor authentication enforcement, privileged account monitoring, third-party vendor assessments, continuous threat detection, and regular employee phishing simulations and tabletop crisis exercises.
Methodology
The findings were generated through the examination of cybersecurity incidents across multiple industries, using case studies of attacks on healthcare organisations, infrastructure systems, and large corporations during 2024 and 2025.

Sharesies to offer trading in Bitcoin, other cryptocurrency

RNZ News, 29-07-2025

Online investment platform Sharesies is expanding into cryptocurrency trading. Co-chief executive Leighton Roberts said it was responding to customer demand.
"More and more people either own crypto or are interested in doing so. As the asset class has matured, we've seen it become more prominent in both institutional and personal investment portfolios.
"At Sharesies, we see an opportunity to make crypto investment more straightforward and less overwhelming for New Zealanders - whether they are new to crypto or seasoned investors who want to reduce complexity."
Sharesies customers can sign up to a waiting list to get early access to trading, expected to be in August. Roberts said Sharesies would look to remove some of the complexity associated with crypto wallets and keys, and would partner with a leading crypto platform to allow retail customers to be able to buy, sell and hold crypto. It was expected that leading crypto brands such as Bitcoin and Ethereum would be available.
Roberts accepted that crypto could be highly volatile and carried higher risk. "As always, we'll be taking an educational approach with a number of initiatives planned to assist customers. We acknowledge that crypto may not be for everyone, but we want to provide people with choice."
Bitcoin has ranged between US$77,000 (NZ$129,000) and US$120,000 (NZ$201,000) so far this year.

Ransomware threats rise, attackers adopt quadruple extortion

Techday NZ, 29-07-2025

A new cybersecurity report highlights the increasing complexity and destructiveness of ransomware attacks targeting businesses and organisations in 2025, with attackers employing advanced extortion tactics and expanding their methods. Akamai has released a qualitative research report entitled "Building resilience amid a volatile threat landscape," which provides an analysis of the operations of prolific ransomware groups such as BlackCat/ALPHV, LockBit, Clop, and RansomedVC. The report explores how these groups have adapted their strategies in response to technological advancements and recent regulatory developments in the UK and elsewhere.
Quadruple extortion
The report identifies the emergence of quadruple extortion as a growing trend among cybercriminals. Traditionally, ransomware attacks followed a double extortion model, where attackers encrypted a victim's data and threatened to leak it publicly if a ransom was not paid. The new quadruple extortion tactics combine encryption with distributed denial-of-service (DDoS) attacks, public harassment, and threats of regulatory exposure, increasing the pressure on targeted organisations. "Ransomware threats today aren't just about encryption anymore. Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond," said Steve Winterfeld, Advisory CISO at Akamai. The sophistication of ransomware groups has been enabled in part by affiliate models, which allow individuals with varying technical abilities to participate in large-scale campaigns. The research found that ideological motivations are also playing a greater role, with some groups driven by political or social causes in addition to financial gain. This complicates the attribution of attacks and presents new challenges for defenders.
GenAI and social engineering
Another major development highlighted by Akamai is the use of generative artificial intelligence (GenAI) and large language models (LLMs) to automate aspects of ransomware campaigns. The report notes that such technologies are making it easier for less technically skilled individuals to write ransomware code and enhance social engineering tactics. This has contributed to an increase in both the frequency and scale of attacks in the past year. Hacktivist and ransomware hybrid groups have become more prominent, often utilising ransomware-as-a-service (RaaS) platforms to extend their reach. Dragon RaaS, which emerged in 2024 from the Stormous group, is cited as an example of this trend, having shifted its focus from large corporations to smaller organisations perceived as having weaker security defences.
Impact on nonprofits and education
The report also addresses the issue of cryptominers, which, while distinct from ransomware actors, often use similar tactics and target sectors believed to be vulnerable. Akamai researchers found that nearly half of the cryptomining attacks examined targeted nonprofit and educational organisations, likely due to resource limitations in these industries. In addition, the TrickBot malware family is identified as a major tool for ransomware deployment. Since 2016, TrickBot has been used by ransomware groups globally to extort more than USD $724 million in cryptocurrency from victims. The Akamai Guardicore Hunt Team recently linked this malware to suspicious activity on the systems of several customers.
Regulatory landscape
The report provides an analysis of current legal and regulatory efforts influencing how organisations respond to ransomware incidents. Akamai's Vice President and Chief Privacy Officer, James A. Casey, commented on the need for organisations to adopt comprehensive cybersecurity strategies in light of evolving threats and regulatory requirements. Casey notes that while existing cybersecurity laws apply to ransomware, specific regulations focus on discouraging ransom payments. He also highlights the importance of robust cybersecurity measures, incident reporting, and risk management, as well as strategies like Zero Trust and microsegmentation, to build resilience against evolving ransomware threats. Casey stresses the necessity for organizations to stay informed and adapt to emerging threats. The report presents several actionable recommendations for security teams looking to anticipate and counter attacker tactics in 2025. These include staying abreast of the latest threat actor techniques, investing in robust cybersecurity defences such as zero trust and microsegmentation, and ensuring timely incident reporting and risk management strategies are in place. The detailed findings aim to provide organisations with the information they need to strengthen their resilience against ransomware, as threat actors continue to diversify their motives and approaches in a rapidly changing environment.
