- Ingram Micro confirmed suffering a ransomware attack in July 2025
- It has been revealed that this was the work of the Safepay Group
- Threat actors have added Ingram Micro to their data leakage site
Ingram Micro has been added to Safepay’s data leakage, which means that the countdown is on before data terabytes are filtered into the dark network.
The company suffered a ransomware attack in July 2025 that forced him to close parts of his infrastructure. As a result, their commercial operations were interrupted and some of their employees were sent to work from home.
The company managed to restore its services quite fast, but the criminals eliminated 3.5 TB of confidential data, which now threaten to release unless they are paid.
Sensitive file terabytes
At the time of the attack, the company did not say who the threat actors were, but Bleepingcomputer Now he has discovered the attack was Safepay’s work, a relatively young ransomware operation that emerged between September and November 2024.
This group is involved in the usual double -extension tactics (encryption + data theft), and claims to have violated more than 200 organizations in different industries, such as manufacturing, health or education.
At the time of the attack, it was also said that Safepay crossed the company VPN GlobalProtect of the company and left rescue notes on employee devices.
Among the systems affected by the violation was the XVantage distribution platform of AI of Ingram Micro, and the impulse license provisioning platform.
If Safepay Fleat Ingram Micro data could send waves worldwide, since it is one of the largest B2B service providers and technology distributors, which serves more than 160,000 clients worldwide, including giants such as Apple, HP and Cisco.
