‘Let me address a very important aspect as we talk about operation efficiency,’ says Sanjib Sahoo, president of the global platform group at Ingram Micro. ‘About two weeks ago, we experienced a ransomware incident in our internal systems. We took proactive actions and immediately turned down our systems. We worked with some cybersecurity third-party experts to reach containment and remediation very quickly, within days.’
A top Ingram Micro executive said that the Irvine, Calif.-based IT distribution giant’s ability to recover from a July 4 weekend ransomware attack was “because of the breadth and ability of our Xvantage platform.”
The comments came from Sanjib Sahoo, president of Igram’s global platform group, who also said in an investor call Thursday that the distributor worked with third-party cybersecurity experts “to reach containment and remediation” after the attack.
“Let me address a very important aspect as we talk about operation efficiency,” he said. “About two weeks ago, we experienced a ransomware incident in our internal systems. We took proactive actions and immediately turned down our systems. We worked with some cybersecurity third-party experts to reach containment and remediation very quickly, within days.”
The company has issued updates on its website about the ransomware attack, but this is the first time an executive has spoken publicly about it.
The ransomware attack began around July 3 and is reportedly associated with the SafePay ransomware organization.
[Related: SafePay Is A ‘Highly Specialized’ Hacker Group With An Unusual Approach: Experts]
Upon identifying ransomware on internal systems, Ingram Micro proactively took systems offline as a mitigation measure and launched an investigation with cybersecurity experts while also notifying law enforcement.
The attack affected Ingram Micro’s website, online ordering systems and key platforms such as Xvantage.
The company made progress in restoring its systems through the following week, with subscription orders becoming available globally by July 8. On July 10, it fully restored global operations.
“The fact that we could turn back our operations perfectly fast and quickly is because of the breadth and ability of our Xvantage platform,” Sahoo said on the investor call. “I really want to thank all our customers, vendors, partners [and] employees, from the bottom of my heart and our hearts, [for showing us] that they trust us as a platform company to do business. So I’ll start with saying thank you.”
Partners have mostly stuck by Ingram during and after the attack.
One Ingram Micro partner, Mark Essayian, told CRN that he knew the company had to be “very careful” with communications.
“As a long-term partner, of course I wanted to know all the details ASAP,” Essayian, president of Irvine, Calif.-based KME Systems, told CRN in an email. “I also knew Ingram would protect the business, vendors, staff and partners at the same time. Tough to do and they walked the fine line of openness and protecting us all well.”
He said he is confident in the company’s “incredibly strong tech and leadership team,” and that it’s “nothing short of amazing” how they were able to recover in about a week.
“It’s not that they don’t want to be more open,” he said. “But anyone that understands this type of event knows all communication must be careful and measured.”
