Ingram Micro says it has recovered from the ransomware attack which broke its ordering and fulfilment system a week ago, but key questions remain to be answered for the channel.
Yesterday, at US Eastern lunch time, Ingram said in an update on its website: “Our teams are now able to process and ship orders received via EDI, or electronically, as well as by phone or email across all of our business regions.
“The security of our IT ecosystem has been a top priority for us throughout this incident. We have implemented security protocols and processes as we recover our systems, and we will continue to communicate our progress as appropriate on restoration of relevant services.”
And then a key update that broke at 1am US Eastern time this morning, and as Europe woke up: “Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business.
“Our teams continue to perform at a swift pace to serve and support our customers and vendor partners. We are grateful for the support we’ve received from our customers and industry colleagues. This is an industry based on strong and committed relationships that make all the difference.”
Whether that means “fully operational” is unclear, but the global distributor certainly seems to be going in the right direction towards business as normal.
However, there are key questions that remain to be answered by the company.
-The attack happened ahead of the 4 July holiday in the US, and, expecting a slowdown in fulfilment, many channel partners quickly got their orders in just before that slowdown. So what has happened to those orders trapped in closed down sales and fulfilment systems following the ransomware hit?
-Managed service providers need to invoice their end customers for their license and software use through Ingram every month. Most still don’t have access to the Ingram systems to check on that software use. Is there an Ingram workaround to allow MSPs to get paid? There is talk about some MSPs returning to manual calculation systems.
-The attackers claimed to have been inside Ingram’s systems for some time before they unleashed the ransomware to lock systems. As a result, they further claimed to have a huge treasure trove of personal, transactional and financial data. What has happened to this data, and what security protection will Ingram be providing to those individuals and partner organisations affected by the hack of their data down the line?
-And, as with the end of any ransomware attack, we’d all like to know whether Ingram Micro paid the ransom to recover?
