07-31-2025, 09:53 PM
![[Image: Ingram_Micro_on_SafePay_leak_site.jpg]](https://external-content.duckduckgo.com/iu/?u=https://www.bleepstatic.com/images/news/u/1109292/2025/Ingram_Micro_on_SafePay_leak_site.jpg)
The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month.
Ingram Micro is one of the world's largest business-to-business service providers and technology distributors, offering a wide range of solutions to resellers and managed service providers worldwide, including hardware, software, cloud services, logistics, and training.
While BleepingComputer first reported on July 5 that SafePay was behind this incident, the ransomware gang didn't claim responsibility for the attack until earlier this week, when it added the tech giant to its dark web leak portal.
SafePay ransomware is a private operation that surfaced in September 2024 and has since added over 260 victims to its leak site; however, the actual number is likely larger, as only victims who don't pay are listed.
They're also known for stealing sensitive documents before encrypting victims' systems and threatening to leak this stolen data on the dark web if a ransom is not paid.
Since the start of the year, SafePay has become one of the most active ransomware groups, filling the gap left by LockBit and BlackCat (ALPHV) ransomware.
![[Image: 128.gif]](https://external-content.duckduckgo.com/iu/?u=https://i.ibb.co/hJ2HmDxK/128.gif)
