The SafePay ransomware gang is threatening to leak 3.5TB of information belonging to IT large Ingram Micro, allegedly stolen from the corporate’s compromised methods earlier this month.
Ingram Micro is without doubt one of the world’s largest business-to-business service suppliers and expertise distributors, providing a variety of options to resellers and managed service suppliers worldwide, together with {hardware}, software program, cloud providers, logistics, and coaching.
Whereas BleepingComputer first reported on July 5 that SafePay was behind this incident, the ransomware gang did not declare duty for the assault till earlier this week, when it added the tech large to its darkish internet leak portal.
SafePay ransomware is a personal operation that surfaced in September 2024 and has since added over 260 victims to its leak web site; nonetheless, the precise quantity is probably going bigger, as solely victims who do not pay are listed.
They’re additionally identified for stealing delicate paperwork earlier than encrypting victims’ methods and threatening to leak this stolen information on the darkish internet if a ransom is just not paid.
For the reason that begin of the 12 months, SafePay has change into one of the crucial energetic ransomware teamsfilling the hole left by LockBit and BlackCat (ALPHV) ransomware.
Ingram Micro entry on SafePay’s leak web site (BleepingComputer)
As BleepingComputer reported earlier this month, Ingram Micro additionally suffered a world outage brought on by the SafePay ransomware assault, with staff informed to earn a living from home and the corporate’s web site and ordering methods taken offline.
Since then, BleepingComputer has discovered that the corporate has been engaged on restoring VPN entry to staff and has additionally carried out a company-wide password and multi-factor authentication (MFA) reset.
Ingram Micro shortly recovered from the incident, restoring most of the inside methods and platforms impacted by the assault inside days, permitting staff larger entry to its ordering system.
“Ingram Micro is happy to report that we are actually operational throughout all international locations and areas the place we transact enterprise. Our groups proceed to carry out at a swift tempo to serve and help our clients and vendor companions,” Ingram Micro introduced simply 4 days after disclosing the assault.
Nonetheless, the corporate has but to substantiate that SafePay ransomware was behind the breach and whether or not the attackers stole information from its compromised methods.
An Ingram Micro spokesperson was not instantly obtainable for remark when BleepingComputer reached out for extra info earlier right now.
CISOs know that getting board buy-in begins with a transparent, strategic view of how cloud safety drives enterprise worth.
This free, editable board report deck helps safety leaders current threat, affect, and priorities in clear enterprise phrases. Flip safety updates into significant conversations and sooner decision-making within the boardroom.
