Overview
- The SafePay ransomware group added Ingram Micro to its dark web leak portal on July 29 with an August 1 deadline to publish 3.5 TB of allegedly stolen data.
- Ingram Micro completed a company-wide password and multi-factor authentication reset and restored its core business operations by July 9.
- Some regional sites, including the META security portal, have been brought back online, but parts of the distributor’s infrastructure remain inaccessible.
- The company’s public incident page has not been revised since its July 9 restoration announcement and it has yet to acknowledge SafePay’s responsibility.
- Since emerging in September 2024, SafePay has targeted over 260 victims through double extortion, filling the gap left by groups such as LockBit and BlackCat.