Ransomware cyber

Ingram Micro

Jul 30, 2025 1 min read
Ingram Micro

The cybercriminals claiming responsibility for Ingram Micro's ransomware attack put a deadline on leaking its data nearly a month after the raid. The SafePay ransomware group posted Ingram Micro to its leak blog on July 29, saying it intends to release 3.5 TB of company data on August 1. In typical double extortion ransomware scenarios, attackers post information about the victim to a leak blog as a pressure tactic. The idea is to heighten publicity about the attack, encouraging the victim to pay the attacker's extortion demands. Ingram Micro confirms ransomware behind multi-day outage.

Source: https://www.theregister.com/2025/07/30/ingram_micro_ransomware_threat/

TPRM report: https://scoringcyber.rankiteo.com/company/ingram-micro

"id": "ing406073025",
"linkid": "ingram-micro",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Ingram Micro',
                        'type': 'Company'}],
 'data_breach': {'data_exfiltration': ['3.5 TB of company data']},
 'date_publicly_disclosed': '2023-07-29',
 'description': "Cybercriminals claiming responsibility for Ingram Micro's "
                'ransomware attack put a deadline on leaking its data nearly a '
                'month after the raid.',
 'impact': {'brand_reputation_impact': ['Publicity about the attack'],
            'customer_complaints': ["Complaints about the company's "
                                    'communications'],
            'data_compromised': ['3.5 TB of company data'],
            'operational_impact': ['Global business operations disrupted',
                                   'Websites offline']},
 'motivation': 'Extortion',
 'ransomware': {'data_exfiltration': ['3.5 TB of company data'],
                'ransom_paid': ['Did not pay up'],
                'ransomware_strain': 'SafePay'},
 'references': [{'source': 'The Register'}],
 'response': {'communication_strategy': ["Ingram Micro's public information "
                                         'page update',
                                         'Complaints about communications'],
              'containment_measures': ['Ingram Micro previously said it had '
                                       'contained the incident'],
              'remediation_measures': ['Restored global business operations',
                                       'Restored some of its lesser-used '
                                       'websites']},
 'threat_actor': 'SafePay ransomware group',
 'title': 'Ingram Micro Ransomware Attack',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Ransomware cyber

VMware

public 2 min read
Scattered Spider, a cybercriminal group, has recently targeted VMware ESXi hypervisors, encrypting entire virtual machine infrastructures using DragonForce ransomware. This…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.