Safepay Ransomware Group Sets Deadline to Leak 3.5 TB of Ingram Micro Data
The cyber gang known as Safepay has warned that it will publish 3.5 terabytes of data allegedly stolen from global IT distributor Ingram Micro if a ransom is not paid by 1 August 2025. The ultimatum appears on the group’s leak site, where a countdown clock amplifies pressure on the California-based company to negotiate.
From Breach to Extortion
Ingram Micro disclosed a ransomware incident on 5 July, stating that certain internal systems were taken offline as a precaution while investigators assessed the scope of the breach. At the time, the company did not confirm whether attackers had removed data. Safepay now claims responsibility and asserts it exfiltrated a vast trove of sensitive information.
Safepay’s Rapid Rise
Safepay emerged in late 2024 and has struck at least twenty organisations across multiple sectors. Security analysts note code similarities with the notorious LockBit family, suggesting a possible spin-off or rebrand. Like many modern ransomware operations, the group relies on a double-extortion model, encrypting devices while simultaneously threatening to leak stolen files if victims refuse to pay.
Potential Fallout for Partners and Clients
Ingram Micro serves more than 160,000 resellers and enterprise customers worldwide, acting as a key supply-chain hub for technology vendors such as Apple, Cisco and HP. Security experts warn that the exposure of partner contracts, customer records and proprietary product information could ripple through the channel, leading to further phishing campaigns or competitive intelligence losses.
Defensive Measures and Industry Advice
Consultants recommend that organisations facing similar threats tighten access controls, deploy multi-factor authentication, monitor for new vulnerabilities and restrict remote connections to hardened VPNs. While Ingram Micro continues forensic work, the unchanged countdown clock indicates that no payment agreement has been reached, heightening the risk of full data disclosure in the coming hours.
What Happens Next
If Safepay releases the claimed dataset, multiple stakeholders, including vendors, resellers and end users, may need to prepare for credential resets, targeted scams and regulatory notifications. Meanwhile, security researchers will scrutinise the files for insight into the gang’s techniques, hoping to blunt future attacks.
This story remains fluid, and new information from either Ingram Micro or the attackers could alter the situation quickly.
