- Ingram Micro confirmed to suffer a ransomware -attack in July 2025
- It has been revealed that this was the work of the Safepay group
- The threat actors have added Ingram Micro to his data leak -Websted
Ingram Micro is added to SafePay’s data coverage site, which means the countdown is on before terabytes of data are leaked on the dark web.
The company suffered a ransomware attack in July 2025 that forced it to close parts of its infrastructure. As a result, its business operations were disturbed and some of its employees were sent to work from home.
The company managed to restore its services pretty fast, but the miscreans were gone with 3.5 TB of sensitive data – which they now threaten to release unless they are paid.
Terabytes of sensitive files
At the time of the attack, the company did not say who the threat actors were but Bleeping computer Now revealing the attack was the work of SafePay, a relatively young ransomware operation that occurred between September and November 2024.
This group engages in the usual double development tactic (encryption + data theft) and claims to have violated more than 200 organizations across different industries, such as manufacturing, healthcare or education.
At the time of the attack, it was also said that Safepay broke through the company’s global protect VPN platform and left Ransom Notes on employee units.
Among the systems that were affected by the violation were Ingram Micro’s AI-driven Xvantage-Distribution Platform and Impulse License-Delivery Platform.
Should SafePay delicious Ingram Micro’s data, they could send ripples throughout the business community as it is one of the largest B2B service providers and technology distributors around, serving more than 160,000 customers globally, including giants such as Apple, HP and Cisco.
