- Ingram Micro confirmed suffering from a ransomware attack in July 2025
- It was revealed that it was the work of the SAFEPAY group
- Threat actors added Ingram Micro to his data leak site
Ingram Micro was added to the Safepay data leak site, which means that the countdown is on before the data of data is disclosed on the dark canvas.
The company underwent a ransomware attack in July 2025, which forced it to close certain parts of its infrastructure. Consequently, its commercial operations have been disrupted and some of its employees were sent to work at home.
The company has managed to restore its services fairly quickly, but the disbelievers emitted with 3.5 TB of sensitive data – which they now threaten to release unless they are paid.
Sensitive file teraoctes
At the time of the attack, the company did not say who were the actors of the threat, but Bleeping Compompute Now discovered that the attack was the work of Safepay, a relatively young ransomware operation which emerged between September and November 2024.
This group is engaged in the usual double expression tactics (encryption + data flight) and claims to have violated more than 200 organizations in different industries such as manufacturing, health care or education.
At the time of the attack, it was also said that Safepay broke out on the company’s globalProtect VPN platform and left ransom notes on employees’ devices.
Among the systems affected by the breach was the distribution platform X Even fed by AI Micro and the pulse license supply platform.
If SAFEPAY flees the data of Inernam Micro, it could send undulations into the business world, because it is one of the largest B2B service providers and technology distributors, serving more than 160,000 customers worldwide, including giants such as Apple, HP and Cisco.
