Ingram Micro restored business operations the evening of July 9 following a nearly weeklong interruption caused by ransomware. The incident is a sobering reminder that no organization is immune to attack, underscoring the importance of closing attack vectors that adversaries repeatedly exploit to inflict damage and steal data.
Attackers typically resort to tried-and-true tactics involving common entry points, says Dave Seibert, CIO of IT Innovators. Those include unpatched software vulnerabilities, phishing, compromised credentials, and links to third parties lacking proper security controls.
“It’s not that these attackers are this damn good,” says Seibert. “It’s not the case. The case is most of the time the vulnerabilities were not properly protected.” As an Ingram Micro partner, IT Innovators was affected by temporarily losing the ability to place orders.
How the Ingram Micro Ransomware Attack Unfolded
As Ingram Micro and recovery teams worked to restore ordering, licensing, and other critical systems, it was unclear how perpetrators shut down the distributor’s operations for almost a week. The company has been stingy with details about the attack.
Ingram Micro, the world’s second largest distributor with $48 billion in revenue, acknowledged on July 5 it had found ransomware “on certain of its internal systems,” took “certain systems offline,” and was “working diligently” to restore them.
On July 8, the company said it was able to restore orders by phone and email. In the evening of July 9, Ingram reported it was “now operational across all countries and regions where we transact business.”
MSPs contacted by MSP Success on July 10 confirmed they were again able to place orders. “We are back in action,” says Lisa Shorr, co-owner of Secure Future Tech Solutions. “We were required to reset our password, but other than that, all else looks the same.”
For MSPs and other Ingram Micro partners, the attack had ripple effects, delaying purchases, services, and projects for the partners’ customers.
Everyone Is a Target
As Ingram worked to restore its systems, an uncomfortable sense of acceptance permeated discussions about the incident. Warning against complacence, Seibert says: “Unfortunately, it’s acceptable. You get numb to it. It’s almost like, ‘Who got hit this week?’”
Jamie Levy, director of adversary tactics at Huntress, echoes the sentiment. “Anyone can become a target of ransomware at any time. It’s all about opportunity [for adversaries], and no business is too large or too small of a target.”
All businesses need to have data backups and prepare a worst-case scenario plan, she says. “This should include having an idea of which incident response (IR) firm you would contact in the event that you have an intrusion or ransomware event.”
Douglas McKee, executive director of threat research at SonicWall, says the Ingram Micro incident confirms adversaries are intent on targeting third‑party distributors to create a ripple effect in the supply chain.
“This isn’t just about silenced servers; it’s a strategic escalation,” he notes. “Organizations must stop viewing these distributors as peripheral and instead harden them as critical infrastructure. From segmented networks to zero‑trust VPN access and continuous validation of MSP channels, we need to build resilience upstream, not just downstream.”
Attack’s Lingering Effects
How badly the attack will hurt Ingram Micro’s brand remains to be seen. “There’s a certain level of brand damage that goes with it,” says Oli Thordarson, CEO of Alvaka Networks. “But the brand damage, if they handle it well, usually resolves itself in about a year.”
For Ingram Micro partners, even if they wanted to divert purchasing to another distributor, doing so may not be practical. Seibert points out that partners’ systems are intertwined with those of the distributor. His purchasing team, he notes, is used to those systems. “We have our distribution source and that’s what our team understands.”
Seibert hopes the industry will learn from this attack but says that it’s hard to learn anything when there’s little transparency about causes.
MSP Success emailed Ingram Micro with questions regarding the incident and recovery, but had not yet received a response when this story posted.
