Exclusive: SafePay Ransomware Group Adds Ingram Micro to Leak Site for Enhanced SEO.
In the weeks following Ingram Micro’s confirmation of a ransomware attack, the responsible group, SafePay, publicly claimed responsibility for the breach. Tech media outlet Bleeping Computer had reported on the ransom note left by the attackers in early July, identifying SafePay as the perpetrator. However, the hackers did not initially list Ingram Micro as a victim on their leak site. On 30 July, the hackers updated their status, asserting that they had stolen 3.5 terabytes of data from the IT giant. SafePay’s original ransom note had set a seven-day deadline for payment, but the latest communication indicated a new three-day ultimatum for data publication.
Ingram Micro first reported the incident on 5 July, stating that they had identified ransomware on certain internal systems. Upon discovering the issue, the company took immediate action to secure its environment, which included taking specific systems offline and implementing various mitigation measures. Ingram Micro also initiated an investigation with the help of leading cybersecurity experts and notified law enforcement. By 7 July, the company began restoring its business processes, gradually returning to normal operations.