An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

Update 7/6/25: Added Ingram Micro's confirmation it suffered a ransomware attack below. Also updated ransom note with clearer version.

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.

Ingram Micro is one of the world's largest business-to-business technology distributors and service providers, offering a range of solutions including hardware, software, cloud services, logistics, and training to resellers and managed service providers worldwide.
Since Thursday, Ingram Micro's website and online ordering systems have been down, with the company not disclosing the cause of the issues.

BleepingComputer has now learned that the outages are caused by a cyberattack that occurred early Thursday morning, with employees suddenly finding ransom notes created on their devices.

The ransom note, seen by BleepingComputer, is associated with the SafePay ransomware operation, which has become one of the more active operations in 2025. It is unclear if devices were actually encrypted in the attack.

It should be noted that while the ransom note claims to have stolen a wide variety of information, this is generic language used in all SafePay ransom notes and may not be true for the Ingram Micro attack.