This site is part of the Informa Connect Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

The MSP Summit
Sept 28-30, 2026
Loews Royal PacificOrlando, FL
Subscribe
Menu
Subscribe
Ingram Micro CEO Bay Discusses Rapid Ransomware Recovery
By Dave RaffoShareshare

Paul Bay of Ingram Micro (left) and Robert DeMarzo of Channel Partners

After going through a situation no CEO ever wants to face, Ingram Micro CEO Paul Bay talked about the experience at the MSP Summi

Bay addressed not only the technology behind Ingram Micro's recovery from a July ransomware attack, but also the process.

"I love talking to customers and partners, and I want to get on and start doing group calls to say, 'Here's what we're doing, here's where we're at,’” Bay said during a keynote interview with Channel Partners’ Robert DeMarzo. “But unfortunately, when it's a criminal situation that you have to deal with, you're limited to the amount of information that we can provide, especially as a publicly traded company."

The distributor was offline from July 3 until fully restoring operations July 9. Ingram and federal agencies are still trying to determine the full impact of the attack. Bay thanked the audience of MSPs for their patience and understanding in the process.

But Bay said it could have been worse if not for Ingram’s three-year-old Xvantage digital platform. Xvantage serves as a digital twin for Ingram’s internal operations and partner experience, making recovery from the attack easier. Bay said Ingram had pulled all of its data out of legacy ERP systems.

"The modularity that we have from Xvantage allowed us to really shut down and contain, and then when we started getting the business continuity, bringing those pieces back up while we could still address the issues in the background," Bay said.

Still, there are frequent reminders of the situation.

"We're going through it unfortunately, not just from our business lives, but from our personal lives,” Bay said. “I've had three letters sent to me in this last quarter from a personal perspective of data."

This wasn’t the first time Bay addressed the attack and its aftermath publicly. During Ingram Micro’s most recent earnings call last month he attributed the distributor’s strong quarter partly to its resolution from the incident.

“While no company wants to face the increasing reality of such an attack, our response reflects the way we do business as a platform company,” he told investors on the call. “Although some uncertainty remains regarding the potential impact on our business and future results … I want to emphasize that the incident had no impact on our Q2 results.”

He said after identifying ransomware in internal systems, “we quickly took our systems off-line, launched an investigation with top cybersecurity experts and notified law enforcement. With respect to the incident, certain data was exfiltrated from our systems in conjunction with this incident. We have engaged a third-party data analysis firm to assist us in reviewing the relevant data. This process is ongoing and complex. Should we determine that personal information was affected, we will provide notification based on relevant regulations.”

Ingram, which became a public company a year ago, has more than 160,000 customers and recorded $12.8 billion in sales last quarter.