New Threat Emerges in Ingram Micro Ransomware Attack: What MSPs Need to Know

Article updated on Aug. 1, 2025.

One month after confirming a ransomware attack disrupted its global operations, Ingram Micro may now face an even more serious blow: the potential public release of a reported 35 terabytes of stolen data.

According to Bleeping Computer, the SafePay ransomware gang — previously linked to the initial attack — claims to possess sensitive internal files and is now threatening to publicly leak them. Ingram Micro has not issued a public response to these latest claims, and a company representative was unavailable for comment by press time.

For MSPs, especially those serving SMBs, this turn of events is more than just another high-profile headline. It’s a warning shot about the evolving tactics of ransomware groups. It’s also a call to revisit incident response readiness, supply chain security, and client-facing cybersecurity education.

How Secure Is Your Stack? Start with These Resources.

Even if you or your clients weren’t directly affected by the ransomware attack, it is relevant. MSPs can use this example to prompt internal discussions or client conversations on boosting security posture. Need help? Turn to ChannelPro’s MSP Answer Center on cybersecurity. There are several topics to choose from, including these trending questions:

• How Can I Strengthen My MSP’s Cybersecurity Posture?
• How Do I Build a Comprehensive Cybersecurity Offering for My Clients?
• How Do I Upsell Cybersecurity Services to Existing Clients?
• MSP Liability in a Breach: Am I at Risk for Promises Made in Marketing?
• What Should I Include in a Cybersecurity Incident Response Plan?
• FREE CHECKLIST DOWNLOAD: Assessing Your MSP Team’s Cybersecurity Expertise and Training Needs
• FREE DOWNLOAD: 7 Cybersecurity Pitfalls MSPs Must Avoid

✅ Get all of your cybersecurity questions answered here >> Visit ChannelPro’s Cybersecurity Answer Center

Previous Coverage

No One Is Immune: Ingram Micro Ransomware Attack Underscores Universal Threat to Businesses

When a company with the global scale and resources of Ingram Micro falls victim to a ransomware attack, it sends a clear message to the entire IT ecosystem: No one is too big or too prepared to be targeted.

The original attack just before the July 4 holiday weekend resulted in a “worldwide outage” of Ingram Micro services, according to Dark Reading. Ingram Micro confirmed the incident in a news release issued on July 5, and it worked quickly to restore affected services and investigate the breach.

For MSPs supporting small and midsized businesses, the takeaway is simple: If it can happen to an industry giant, it can happen to anyone.

Timeline of Ingram Micro’s Cybersecurity Incident Response

In its initial announcement, Ingram Micro stated that it launched an investigation with third-party cybersecurity experts and notified law enforcement. In addition, the company’s customer and partner support teams were working directly with those affected, per the statement.

On July 7, Ingram Micro provided an update on restoring transactional business, stating that subscription orders were available globally, though there were some limitations. It directed customers to contact Unified Support to place subscription orders.

Then, late on July 8, the company announced that the attack had been contained and remediated:

“As previously announced, Ingram Micro has been working diligently with leading third-party cybersecurity experts to investigate and remediate the cybersecurity incident announced on July 5, 2025, including proactively taking certain systems offline and implementing other mitigation measures. Based on these measures and the assistance of third-party cybersecurity experts, we believe the unauthorized access to our systems in connection with the incident is contained and the affected systems remediated. Our investigation into the scope of the incident and affected data is ongoing.

“Our team has been working around the clock on this matter to restore affected systems. We have implemented additional safeguards and monitoring measures to protect our network environment as we bring our systems back online.”

The company then on the night of July 9 announced that all business had been restored:

“Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business. Our teams continue to perform at a swift pace to serve and support our customers and vendor partners. We are grateful for the support we’ve received from our customers and industry colleagues. This is an industry based on strong and committed relationships that make all the difference.”

An Ingram Micro representative directed any requests for further information to the company’s page dedicated to the cyber incident. No further details were included.

More Than an Outage

Security experts at the time said the incident reflected a growing trend in the threat landscape. Attackers are deliberately going after vendors and distributors to cause wider downstream disruption. In fact, this can be considered “strategic escalation,” according to Douglas McKee, executive director of threat research at SonicWall.

Douglas McKee

“Adversaries are increasingly targeting third-party distributors to exploit the supply chain ripple effect. … Organizations must stop viewing these distributors as peripheral and instead harden them as critical infrastructure. From segmented networks to Zero Trust VPN access and continuous validation of MSP channels, we need to build resilience upstream, not just downstream. That starts with embedded product security testing, proactively validating the software and systems in your stack before attackers get the chance.”

For MSPs, that means the risks aren’t confined to the end-user level. Any trusted partner — vendor, distributor, or service provider — can become a target. The ripple effects of an attack can cascade quickly through procurement, service delivery, and customer trust.

You’re Never Too Small

The cyber attack news came on the heels of Ingram Micro unveiling a key partnership with Alvaka Networks. Through this, Ingram Micro’s channel partners get direct access to immediate emergency ransomware remediation services from Alvaka when disaster strikes.

Kevin McDonald

The timely move highlighted how fast response capabilities are becoming a must-have for any channel partner.

In a previous interview, Alvaka COO and CISO Kevin McDonald advised MSPs to practice what they preach when it comes to security practices. “Eat your own dog food. You should be doing everything you’re telling your clients to do — patching vulnerabilities, using MFA, segmenting networks, and reviewing alerts. Don’t assume your firewall is fine just because it’s there. Update it. Monitor it.”

Increasingly, no business is too peripheral to matter. MSPs play a central role not only in protecting their clients but in shoring up the broader supply chain. As attackers seek leverage upstream, resilience must be a shared responsibility across the channel.

Want more helpful guidance on security? Explore the expert-curated tools, checklists, and real-world advice in ChannelPro’s Cybersecurity Answer Center.

Featured image: iStock