Ingram Micro threatened by Safepay with release of 3.5TB of data

News
1 Aug 2025 | 2 mins

Distributor threatened with the release of 3.5TB of stolen data if it doesn't capitulate.


The Safepay ransomware gang has given IT distributor Ingram Micro until Friday to pay up or it will release 3.5TB of what it claims to be the company’s stolen data.

The threat appeared this week, listing the company on a countdown clock on the gang’s data leak site, according to Luke Connolly, a Canadian-based threat intelligence analyst at Emsisoft.

As ARN reported earlier this month, the ransomware attack, which started around July 3, triggered a multi-day outage at the international distributor.

Ingram Micro has been asked for comment on this development. However, no reply had been received by press time. In its most recent statement on the attack, Ingram Micro Holdings said on July 9 that it is now operational across all countries and regions where it does business.

According to Emsisoft’s Connolly, Safepay currently lists 265 victims on its dark web data leak site. That’s a large number for less than a year of operation, he said in an email. The gang was identified in September 2024.

Safepay has used LockBit ransomware in the past, but any other relationship with the LockBit gang is unclear, he said.

Its site carries a boast that the gang is not a ransomware-as-a-service operation, meaning it doesn’t have affiliates to identify or initially compromise IT networks.

“While some ransomware groups seek out publicity,” Connolly said, “Safepay appears to prefer a lower profile, possibly due to successful law enforcement activity to identify individuals behind prolific ransomware gangs.”

This may be one reason it doesn’t use affiliates, he added.

According to a recent report by NCC Group on cyber incidents in the second quarter of this year, Safepay was the fourth biggest ransomware player during the three-month period, behind Qilin, Akira and Play. But looking at May alone, it made 70 attack claims, which made it the most active threat group for the month.

Among its known victims, said NCC Group, was Microlise, a logistics technology firm that saw the exfiltration of 1.2TB of company data and the encryption of its virtual machines.

Howard Solomon is a Toronto-based freelance reporter who writes on IT and cybersecurity issues.

Howard is a former editor of IT World Canada and Computing Canada. An IT journalist for over 30 years, he has also written for ITBusiness.ca and Computer Dealer News. Before that he was a staff reporter at the Calgary Herald and the Brampton (Ontario) Daily Times.