Ingram Micro Ransomware Attack

molan · 2025-07-08T13:53:42.437Z

Ingram Micro Issues Statement Regarding Cybersecurity Incident

anyone following the Ingram Micro Ransomware Outage? It was an unpleasant surprise yesterday when I went to login to our Ingram account to find out about this.

While all the media is talking about the the complete shutdown of Ingram Micro’s systems so they can deal with the attack what I haven’t heard any main stream media about is the risk of the attack pivoting (or already having done so) and taking advantage of Ingrams GDAP (or other Delegated access Ingram may have) Access to customers MS 365 tenants to propagate further as a Supply Chain Attack.

I know I went through our tenants last night and removed all the Ingram GDAP access until things get cleared up.

What is everyone else’s thoughts?

Jay-Updegrove · 2025-07-08T14:06:33.232Z

Thankfully, we don’t use them but I have in the past. None of the accounts or email addresses I personally used with them will exist now.

molan · 2025-07-08T14:08:05.258Z

Are you sure you are sure? They are used behind the scenes by many other companies as the underlying distributor. Something you may want to verify with whomever you do use today.

ode2joy · 2025-07-08T14:10:11.031Z

I saw that in Z’s Snap! yesterday and had the same thoughts. I haven’t been an Ingram customer for years, but I had to wonder what existing customers might be suffering. I used to work for a VAR and had daily dealings with them, and even count a few of my previous account reps as current friends today. I even remember getting stuck at their headquarters in Buffalo during a snow storm and having to sleep in one of the cubicles until we got plowed out. I’m hoping they have a quick and successful recovery and that there is no fallout to customers and such.

Jay-Updegrove · 2025-07-08T14:18:08.858Z

I’ll double-check with our VAR to make sure they’re not impacted but as a direct line-of-sight, we should be clear.

Denis-Kelley · 2025-07-08T17:07:29.785Z

They are the number 2 tech aggregator in the world IIRC. So folks like Dell, CDW, Provantage, etc all pull stock from them. There is TechData, so even if you don’t use them, it may delay some product and licenses.

Jay-Updegrove · 2025-07-08T21:15:07.234Z

Update: I did get in touch with my vendor/rep, who confirmed that while they do business with IM, they don’t share customer data so nothing on our end should be exposed.

molan · 2025-07-08T23:07:38.749Z

as long your VAR doesn’t use IM for MS 365 licensing purchases you should be fine If they do you can see it by looking in your MS 365 admin portal under Settings >> Partner Relationships.

Jay-Updegrove · 2025-07-09T13:47:43.715Z

They don’t, I’ve gone round and round with my VAR about what they need to do to allow access for me and my team, so I’m very aware of who is attached to our MS365 licenses/agreements…

martin0948 · 2025-07-09T18:44:07.431Z

We use them for our monthly SPLA reporting that’s required to be completed by the 5th of the month. Hopefully we’ll get an extension this time around. What a mess.

troydhector8941 · 2025-07-11T14:52:05.647Z

They didn’t “proactively” take anything offline; it was all reactive. It would be wonderful if companies were just honest and transparent.