The cybersecurity landscape has intensified with the emergence of a significant threat from the SafePay ransomware gang, which claims to possess 3.5 terabytes of data stolen from Ingram Micro. The attack, which took place earlier this month, has raised alarms for the tech provider that serves a vast network of resellers and managed service providers globally, distributing everything from hardware and software to logistics and cloud services.
"Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business," said a company spokesperson shortly after the incident. This statement came just four days after the breach was disclosed, suggesting that despite the chaos, Ingram Micro has been active in recovering its systems and stabilizing operations.
"Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business,"
The initial reports of the ransomware incident surfaced on July 5, 2025. At that time, BleepingComputer first identified SafePay as the ransomware group responsible for the attack. However, it wasn't until recently that SafePay formally acknowledged its involvement by adding Ingram Micro to its dark web leak portal. This operation, which began in September 2024, has already claimed over 260 victims, although the number could be higher as the group lists only non-compliant entities that refuse to pay ransoms.
"Our teams continue to perform at a swift pace to serve and support our customers and vendor partners," added the spokesperson, reflecting a proactive approach amidst the disruption caused by the ransomware attack that had temporarily halted some company operations. Employees were instructed to work from home, and critical systems like the company website and ordering platform were taken offline, a strategy to mitigate further risks during the crisis.
"Our teams continue to perform at a swift pace to serve and support our customers and vendor partners,"
Ingram Micro is known for being one of the largest business-to-business service providers worldwide. The scope of this data breach raises significant concerns regarding the sensitive documents potentially in the hands of cybercriminals. SafePay operates by first stealing sensitive documents before subsequently encrypting the victims' systems, then threatening to publicly release the stolen data unless a ransom is paid.
Despite the alarming situation, Ingram Micro has undertaken measures to safeguard its systems. These include restoring VPN access for employees and implementing a company-wide password reset along with multi-factor authentication (MFA) processes. This approach aims to bolster their defenses against any further incursions and is indicative of a return to normalcy as operations are being restored.
While Ingram Micro has made considerable strides in recovering from the attack, it remains cautious. The company has yet to confirm the full extent of the breach or address initial claims that sensitive data had been exfiltrated. An Ingram Micro spokesperson was unavailable for further comment when inquiries were made for clarification on the incident.
As the situation continues to develop, the implications of this potential data leak extend beyond Ingram Micro’s internal operations. The ramifications for the wider tech industry and its partner ecosystem could be profound, particularly if the leaked data contains sensitive information that affects customer trust and security.
With ransomware becoming an increasingly prevalent threat, the SafePay group's swift rise to activity signals an ongoing trend in cybersecurity. As organizations adapt to a landscape filled with such malicious entities, they must be vigilant in protecting their systems while preparing for rapid response should a breach occur. The situation involving Ingram Micro serves as a stark reminder of the pressing need for robust cybersecurity measures across all sectors.