Ingram Micro Ransomware Incident
Posted by AngryFace1986@reddit | sysadmin | 30 comments
https://www.theregister.com/2025/07/06/ingram_micro_confirms_ransomware_behind/
Happy Monday to anybody who has a relationship with Ingram :/
bubbles8u8@reddit
Do you suggest managing the GDAP relationship with Ingram Micro?
p71interceptor@reddit
Can you expand on this? This seems to ring a bell relating to our software purchasing.
maxxpc@reddit
It’s probably recommended to terminate your GDAP relationship with Ingram and create a new one when they clean up their house. It’s not required for them to issue you new licensing; it’s used when they get tickets from you to resolve issues.
https://learn.microsoft.com/en-us/partner-center/customers/gdap-partner-terminate
What is GDAP
https://learn.microsoft.com/en-us/partner-center/customers/gdap-introduction
GDAP FAQ
https://learn.microsoft.com/en-us/partner-center/customers/gdap-faq
bubbles8u8@reddit
I'm not sure, but I was told that they must have the license administrator role to add licenses to the tenant. Maybe I'm wrong.
Can you confirm that they don't need the GDAP relationship to do that?
maxxpc@reddit
I do not believe so, but you can confirm with your Partner. I think adding new SKUs and quantities is a backend process.
I believe License Admin is just to assign licenses to users.
bubbles8u8@reddit
Yes, it is very likely that you are right! Thank you, I will ask my partner.
AngryFace1986@reddit (OP)
Yes.
Maxtecy@reddit
Better safe than sorry.
thunderwhenyounger@reddit
They deserve it. I worked there in IT and saw all the vulnerabilities, but the leadership team was ignorant and only cared about themselves. Glad I left and even happier this happened. People will get axed for sure.
19610taw3@reddit
I feel like that's all "tech" companies. They sell the stuff, supposedly know and preach all of the best practices ... but stuff like this continues to happen.
Had another supplier get compromised a few years ago. So weird that they can't practice what they preach.
stussey13@reddit
I worked there also as a local IT tech for a NJ plant.
I have a buddy that still works in the ITAD division. He told me last Monday that they are laying off the whole IT division and outsourcing to Capgemini.
Two days later this happened.
thelinedpaper@reddit
I wouldn't root for anyone to be attacked, but I previously worked there as well and the company culture and the way they treated people was terrible. Probably the worst/most stressful job I've ever had and I was there less than a year!
ShuumatsuWarrior@reddit
Yeah, but not the right people responsible for the vulnerabilities and culture that allowed it
sjk1978@reddit
Pretty rough comments bro.. No one deserves to be ransom attacked.
disclosure5@reddit
Honestly, I don't agree with this.
I've worked in orgs where executives will laugh at you and call you out in front of the team for suggesting databases should be backed up. I've worked in orgs where everyone had to use the same password which had been in place through a decade of hires and fires, and using something else made you "not a team player" (that one was a hospital).
At some point orgs reap what they sow.
thunderwhenyounger@reddit
Work there and you'll know what I mean. I left since they treated people poorly including me. Karma's a bitch.
2910bst@reddit
Thanks for the info. We get all our hardware from them and haven't heard anything about this until now.
ThatOtherITDude@reddit
"SafePay is known for breaking into organizations by using stolen VPN or RDP credentials."
Sounds like they phished someone's password, not anything to do with the VPN software itself.
mnvoronin@reddit
No MFA on C2S VPN?
MrYiff@reddit
If they were really bad at patching they may have been hit by this 10/10 CVE from last year, but surely a company that sells cybersecurity stuff would be on top of their own infra right?????
https://security.paloaltonetworks.com/CVE-2024-3400
Emotional_Diver_4616@reddit
Are any 365 tenants affected that we know of, since they have the connection?
p71interceptor@reddit
Someone above mentioned that. I'm looking to see if we have any clients in that type of relationship, but I think we are all TD Synnex.
CeeMX@reddit
Quite ironic that they invited us to webinars for cloud security in AWS with their own special solution haha
E-werd@reddit
CDW-G uses Ingram Micro for supply, I'm so damn glad I got my order in on 6/30 and it arrived 7/2.
Thanks for the heads up.
ifpfi@reddit
I wonder if this means VMware will be providing their own support again?
TheDarthSnarf@reddit
I thought that the Ingram/Broadcom relationship ended and most of that was moved over to TD Synnex? Did I miss something?
tankerkiller125real@reddit
LOL, I wonder how Microsoft is handling support given everything everywhere seems to go through Ingram for M365 related support.
arenwel@reddit
TY.
We're stalled since Friday.
Buying through another provider in the meantime.
angrydeuce@reddit
Yep I had like 10k worth of shit in the cart I was gonna buy this morning. Whelp so much for that, guess I'll be purchasing elsewhere...
jakedata@reddit
Remind your peeps that stolen data means credible client and vendor impersonation attacks. I haven't seen any information on what was exfiltrated but it won't be good news.