Ransomware Strikes Ingram Micro Amid Active Exploitation of Vulnerabilities

On July 7, 2025, Ingram Micro, a leading IT solutions distributor, fell victim to a ransomware attack by the group SafePay, leading to significant operational disruptions with potential losses estimated at $136 million per day during the recovery phase. The attackers successfully infiltrated the company’s systems through compromised VPN credentials. In tandem, Microsoft has issued critical patches for vulnerabilities in SharePoint, which were actively exploited, resulting in over 75 confirmed compromises across various sectors, including financial and educational institutions. Moreover, CISA's vulnerability summary revealed multiple severe flaws, including OS command injections and authentication bypasses, urging immediate patching. The emergence of a new ransomware group, BERT, targeting healthcare and tech sectors with sophisticated techniques further complicates the threat landscape, highlighting the urgent need for robust cybersecurity measures.

Also In Security Today

Microsoft Patch Release: Microsoft has rolled out critical patches for SharePoint vulnerabilities that allow for unauthenticated remote code execution, impacting numerous organizations. Read more.

CISA Vulnerability Alerts: CISA reported multiple vulnerabilities with CVSS scores of 10, including severe flaws in Ivanti products and Wing FTP server, urging immediate action from affected organizations. Read more.

Ransomware Group BERT: The new ransomware group BERT has emerged, targeting healthcare and tech sectors with advanced PowerShell loaders, conducting operations across multiple continents. Read more.

Exploitation of SolarWinds Flaws: CISA warns of active exploitation of critical vulnerabilities in SolarWinds and Ivanti systems, emphasizing the need for rapid patch application to protect sensitive data. Read more.

Analyst's Take

The attacks on Ingram Micro and the active exploitation of Microsoft SharePoint vulnerabilities underscore an urgent call for organizations to enhance their cybersecurity resilience. With new ransomware groups like BERT emerging, defenders must prioritize patch management and monitor for unusual activity. The continued sophistication of attacks emphasizes the importance of adopting proactive security measures, including employee training and incident response plans. Ensuring systems are regularly updated and vulnerabilities are swiftly addressed will be key in navigating the evolving threat landscape.