The major technology distributor Ingram Micro is currently under threat from the SafePay ransomware gang, which claims to have stolen 3.5 terabytes of sensitive data from the company’s networks earlier this month. The cybercriminal group has now publicly listed Ingram Micro on its dark web leak portal, escalating the pressure by threatening to release the massive trove of data if its ransom demands are not met. This incident targets one of the world’s largest business-to-business service providers, whose operations are critical to countless resellers and managed service providers globally.
The group behind the threat, SafePay, is a relatively new but highly active ransomware operation that first appeared in September 2024. Despite its recent emergence, it has quickly become one of the most prolific gangs, filling the void left by the takedowns of notorious groups like LockBit and BlackCat. SafePay is known for its double-extortion tactics, where attackers not only encrypt a victim’s systems but also steal sensitive documents beforehand, using the threat of a public data leak as additional leverage to force a payment. The group has already listed over 260 victims on its site, a number that likely represents only a fraction of its actual attacks.
The cyberattack had immediate and widespread consequences for Ingram Micro’s global operations. The company experienced a significant outage that took its main website and crucial ordering systems offline, compelling employees to work from home. The disruption highlighted the operational vulnerability of even the largest tech companies to sophisticated ransomware attacks and underscored the immediate financial and logistical impact such an event can have on a business and its extensive network of partners.
In response to the disruption, Ingram Micro initiated a swift and comprehensive recovery process. The company reportedly performed a company-wide password and multi-factor authentication (MFA) reset to secure its environment and worked diligently to restore VPN access for its employees. Demonstrating remarkable resilience, Ingram Micro announced just four days after disclosing the attack that it was “operational across all countries and regions,” having restored many of the internal systems and platforms that were impacted.
Despite the rapid restoration of its business platforms, the core threat from the SafePay gang persists. The alleged 3.5TB of stolen data remains a critical issue, with the potential for significant damage if released. To date, Ingram Micro has not publicly confirmed that SafePay was responsible for the breach or validated the claim that its data was stolen. As the company works to fully recover, the technology industry watches closely to see how this high-stakes standoff between a corporate giant and a prominent ransomware gang will unfold.