
SafePay ransomware leaks 3.5TB of Ingram Micro data

Summary

– SafePay ransomware gang threatens to leak 3.5TB of data stolen from IT giant Ingram Micro, which it compromised earlier this month.
– Ingram Micro is a major global B2B technology distributor, offering hardware, software, cloud services, and logistics solutions.
– SafePay, a private ransomware operation active since September 2024, has listed over 260 victims and steals data before encrypting systems.
– Ingram Micro recovered quickly from the attack, restoring systems within days, but hasn’t confirmed SafePay’s involvement or data theft.
– SafePay has become one of the most active ransomware groups in 2024, filling the void left by LockBit and BlackCat.

A major cybersecurity incident has rocked the global technology sector as the SafePay ransomware group claims responsibility for stealing 3.5TB of sensitive data from Ingram Micro, one of the world’s largest IT distributors. The breach marks another high-profile attack by the increasingly active cybercriminal operation, which has rapidly gained notoriety since emerging last year.

Ingram Micro, a powerhouse in business technology solutions serving clients across hardware, software, and cloud services worldwide, reportedly suffered system-wide disruptions earlier this month. While initial reports pointed to ransomware, SafePay only publicly claimed the attack this week by listing the company on its dark web leak site. The group typically publishes stolen data from victims who refuse to pay ransom demands, applying pressure through the threat of public exposure.

Security analysts note SafePay has become one of the most aggressive ransomware operators in 2024, targeting over 260 organizations, though experts believe the actual number could be higher. The group follows a familiar playbook: exfiltrating sensitive files before encrypting systems, then demanding payment to prevent leaks. Their rise coincides with the decline of notorious groups like LockBit and BlackCat, positioning SafePay as a dominant threat in the cybercrime landscape.

The attack caused significant operational disruptions for Ingram Micro, including website outages and disabled ordering systems. Employees were instructed to work remotely while the company scrambled to restore services. Internal recovery efforts included a mandatory password reset and multi-factor authentication (MFA) overhaul, measures often deployed after breaches to prevent further unauthorized access.

Despite the severity of the incident, Ingram Micro managed to restore critical systems within days. In a public statement, the company confirmed operations had resumed globally but stopped short of acknowledging SafePay’s involvement or confirming data theft. Cybersecurity researchers continue to monitor the situation, particularly as SafePay’s leak site suggests the stolen data, potentially containing confidential business information, remains at risk of public release.

The breach underscores the persistent threat ransomware poses to major enterprises, even those with robust IT infrastructures. As investigations continue, industry watchers await further details on the scope of the data compromise and whether Ingram Micro engaged in negotiations with the attackers. The company has not yet responded to recent requests for comment regarding the latest developments.

(Source: BLEEPING COMPUTER)
