Ingram Micro is slowly regaining stability following a major cyber attack that caused widespread system disruptions.

In a recent update, the company mentioned it has been restoring systems and introducing enhanced security measures after the breach.

It stated that order processing has resumed in most global regions, though certain areas still face restrictions, particularly regarding tech hardware orders.

"Ingram Micro is happy to announce that operations have resumed in all business regions. Our teams are working efficiently to continue supporting our partners and customers," the firm stated.

"Currently, we are capable of handling and shipping orders placed via EDI or electronic means, as well as through phone or email across all business units."

The last areas to return to normal operations include Austria, Canada, Singapore, the Nordic countries, and those served by its Miami Export branch.

Previously restored regions where orders could be processed—though with some limitations on hardware—include Brazil, China, France, Germany, India, Italy, Portugal, Spain, and the UK.

For subscription-related orders, the company advises customers to reach out to Unified Support.

Since the attack, Ingram Micro has taken certain systems offline and implemented additional protective actions.

"Thanks to these steps and the help of external cybersecurity specialists, we believe unauthorized access related to this incident has been stopped and affected systems have been addressed," the statement read.

"We are continuing our investigation into the full extent of the incident and what data may have been impacted."

What occurred during the Ingram Micro cyber attack?

Ingram Micro first disclosed the cyber incident last week, with the SafePay ransomware group taking credit for the attack.

According to reports, SafePay allegedly gained entry through the company’s GlobalProtect virtual private network (VPN).

This group is an emerging force in the ransomware landscape, having attracted attention recently. SafePay uses a “double extortion” strategy, both encrypting systems and stealing sensitive information.

This method increases pressure on victims by threatening public data leaks and operational shutdowns.

Research conducted by Halcyon shows that SafePay has been leveraging an updated version of LockBit's late-2022 code.

The group utilizes various tactics, techniques, and procedures, such as exploiting known vulnerabilities in widely used enterprise software to gain initial access. Once inside, they use legitimate remote administration tools for persistence and credential-theft utilities like Mimikatz.

Halcyon’s analysis of SafePay highlighted that despite being relatively new to the ransomware scene, the group exhibits "a notable level of technical expertise and operational consistency."

This, according to the report, implies that the group "may be led by seasoned cybercriminals."

Don’t forget to follow php.cn on Google News for all the latest updates, expert insights, and in-depth coverage.

The above is the detailed content of Ingram Micro cyber attack: IT distributor says system restoration underway – but some customers might have to wait for a return to normality. For more information, please follow other related articles on the PHP Chinese website!