‘Communicate early and often’ is the go-to strategy for many organizations after a ransomware attack, but distribution giant Ingram Micro does not seem to have followed it.
Ransomware attacks have been with us for years—and so have proven strategies for effective communication after such an incident.
So it’s surprising to see that IT distribution giant Ingram Micro does not seem to have followed such a strategy in the wake of a ransomware attack that has reportedly crippled its online ordering systems and product shipments.
[Related: Ingram Micro Confirms Ransomware Attack, Working To Restore Systems To ‘Process And Ship Orders’]
Ingram Micro has been affected by a ransomware attack associated with the cybercriminal group known as SafePay, according to BleepingComputer, which reported that the distributor’s ordering systems have been down since Thursday.
Ingram Micro said in a statement Saturday evening that it is “working diligently to restore the affected systems so that it can process and ship orders.” An Ingram Micro spokesperson told me Monday that the company is not providing any further statement at this point.
The go-to strategy after a ransomware attack is “communicate early and often,” which may be easier said than done.
But there’s often a marked difference in impact upon organizations that follow it and those that don’t.
Two years ago, another IT distributor, ScanSource, faced a similar situation to Ingram Micro after getting hit with ransomware. But ScanSource was the one to first disclose the attack, issuing a press release with basic details about what had happened and what the company was doing about it.
Ingram Micro, on the other hand, only confirmed the incident roughly 36 hours after reports of an outage at the distributor had surfaced.
In speaking with my colleague CJ Fairfield, Stanley Louissaint, founder and principal of New Jersey-based MSP Fluid Designs, summarized the problem succinctly: “The biggest issue in this situation isn’t even the attack itself. It’s the lack of openness and communication.”
Louissaint noted that he hadn’t heard anything from Ingram Micro about the incident, with the last communication from the distributor being a June 26 advertising email. Other partners have reported a similar lack of communication related to the ransomware attack.
Certainly, the July 4 holiday was a probable factor in the timetable for the response. Yet at the same time, no major IT companies should be caught unprepared for a holiday ransomware attack at this point.
That’s especially true when it comes to the July 4 holiday, which few in the channel could forget was the identical timing of the 2021 Kaseya ransomware attack.
To return to the ScanSource comparison, it struck me at the time that there were few obvious signs of concern from partners or even an impact to the company’s stock price after the ransomware attack. Experts who spoke with me noted that this was likely because of the company’s proactive communication about the incident.
Ingram Micro’s stock price, by contrast, is down 4 percent to $21 a share as of this writing Monday morning.
As Gartner’s Paul Furtado told me after the ScanSource attack in 2023, ransomware “doesn’t have the shock and awe that it used to.” And companies are certainly not expected to release a whole lot of specifics about the cause of the attack right off the bat.
Ultimately, customers and partners care less about a cyberattack, in and of itself, than they did in years past. But what they’ll have a harder time forgiving is being kept in the dark.
