Exclusive: SafePay ransomware group finally lists Ingram Micro on leak site

Hackers claim to have stolen 3.5 terabytes of data during an attack confirmed by the US IT giant, and the data is to be published within days.

Weeks after Ingram Micro confirmed that it had fallen victim to a ransomware attack, the culprit has come forward and openly claimed responsibility for the hack.

While tech media outlet BleepingComputer had seen the ransom note left by the attackers in early July and reported that the SafePay ransomware operation was behind the incident, the hackers themselves did not immediately list Ingram Micro as a victim on their leak site.

However, overnight, on 30 July, the hackers finally listed the IT giant, claiming to have stolen 3.5 terabytes of data.

SafePay’s initial ransom note had a deadline of seven days to pay up or the data would be published, though the newly shared leak post appears to have extended that deadline. The group is now threatening to publish the data within three days.

Ingram Micro initially reported the incident on 5 July.

“Ingram Micro recently identified ransomware on certain of its internal systems. Promptly after learning of the issue, the company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures,” the company said in its initial advisory.

“The company also launched an investigation with the assistance of leading cyber security experts and notified law enforcement.”

From 7 July, Ingram Micro was able to start getting its business processes back online, with normal services continuing to resume through to 8 July. On 8 July, the company said the incident was “contained and remediated”, and by 9 July, all global operations had been restored.

“Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business. Our teams continue to perform at a swift pace to serve and support our customers and vendor partners,” Ingram Micro said.

“We are grateful for the support we’ve received from our customers and industry colleagues. This is an industry based on strong and committed relationships that make all the difference.”

According to BleepingComputer’s sources, SafePay likely gained initial access via the company’s GlobalProtect VPN platform. When Palo Alto Networks learnt that its platform may have been the initial attack vector, it released its own statement.

“At Palo Alto Networks, the security of our customers is our top priority. We are aware of a cyber security incident impacting Ingram Micro and reports that mention Palo Alto Networks’ GlobalProtect VPN,” Palo Alto Networks told BleepingComputer.

“We are currently investigating these claims. Threat actors routinely attempt to exploit stolen credentials or network misconfigurations to gain access through VPN gateways.”

Cyber Daily has reached out to Ingram Micro for comment on the latest developments regarding this incident.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
