The SafePay ransomware gang is threatening to leak 3.5 terabytes of data allegedly stolen from Ingram Micro, a major global IT distributor and service provider.
The cybercriminals claim they exfiltrated the data during an attack on the company’s systems earlier this month.
Ingram Micro is a key player in the tech industry, supplying hardware, software, cloud services, logistics, and training to resellers and service providers around the world. The company has a strong global presence and supports a wide range of business-to-business technology solutions.
While cybersecurity news outlet BleepingComputer initially linked SafePay to the attack on July 5, the ransomware group didn’t publicly take responsibility until recently, when it listed Ingram Micro on its dark web leak site. SafePay is a relatively new but fast-growing ransomware operation that first appeared in September 2024. Since then, it has added more than 260 victims to its leak portal — though this only includes those who refused to pay the ransom.
Like other ransomware gangs, SafePay is known for stealing sensitive data before encrypting victims’ systems. If the ransom demand isn’t met, they typically publish the stolen information online. With groups like LockBit and BlackCat (also known as ALPHV) now quiet, SafePay has emerged as one of the most active ransomware threats this year.
Earlier in July, Ingram Micro experienced a widespread outage as a result of the attack. The company’s website and ordering systems went offline, and employees were instructed to work from home. Since then, the company has been working to restore services, including VPN access, and has implemented a system-wide reset of passwords and multi-factor authentication.
Despite the disruption, Ingram Micro responded quickly. Within a few days, many of its systems were back online, and operations resumed across its global network. “Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business,” the company said in a public update just four days after revealing the attack.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
However, Ingram Micro has not confirmed SafePay’s involvement in the breach or whether any customer or internal data was stolen. When BleepingComputer reached out for comment, the company did not immediately respond.
