On Easter Monday 2025, British retail chain Marks & Spencer (M&S) was hit by a large-scale ransomware attack. The company is still in “rebuild mode” and will remain so for some time. M&S is not saying whether it paid the ransom demanded. What is the most likely scenario, and does it even matter? For the...Read More

An Iranian ransomware gang has ramped up operations amid heightened tensions in the Middle East, offering larger profit shares to affiliates who carry out cyberattacks against Israel and the U.S., researchers said. The group, known as Pay2Key.I2P, is believed to be a successor to the original Pay2Key operation, which has been linked to Iran’s state-backed...Read More

STORY: Marks & Spencer believes it knows who was behind a costly ransomware attack on the company. Its chairman said Tuesday they think the group was called ‘DragonForce’. Archie Norman told UK lawmakers that ‘loosely aligned parties’ worked together on the cyberattack. He said DragonForce are a ransomware operation they believe is based in Asia....Read More

Overview In the volatile aftermath of the Israel-Iran-USA conflict, a sophisticated cyber threat has re-emerged, targeting organizations across the West. Morphisec’s threat research team has uncovered the revival of Pay2Key, an Iranian-backed ransomware-as-a-service (RaaS) operation, now operating as Pay2Key.I2P. Linked to the notorious Fox Kitten APT group and closely tied to the well-known Mimic ransomware,...Read More

The group claimed dozens of victims but many had already been listed by other ransomware outfits. SatanLock, a ransomware group active since April 2025, has announced it is shutting down. The group quickly gained notoriety, claiming 67 victims on its now-defunct dark web leak site. Cybersecurity firm Check Point says more than 65% of these...Read More

Ingram Micro has issued an update on the progress it is making after its internal systems were crippled by a ransomware attack last week, a breach we previously covered.  On its website, it says: “While work remains, we continue to implement support solutions for customers following last week’s cybersecurity incident. “Today [7 July, US Eastern],...Read More

Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. View our editorial policy here. Ingram Micro has confirmed that a ransomware attack caused the service disruptions that impacted its systems over the July 4 holiday weekend.  The attack forced the company to take...Read More

On 3 July 2025, global IT distributor Ingram Micro suffered a ransomware attack that disrupted core systems and customer platforms across Europe, North America, and Asia. The SafePay group claimed responsibility, alleging in a statement that “misconfigured systems and exposed GlobalProtect VPN credentials” enabled access to Ingram’s network. The attack forced the shutdown of platforms...Read More

Global technology distributor Ingram Micro has confirmed that its internal systems have been compromised by ransomware, leading to significant operational disruptions across its worldwide IT ecosystem operations.  The Irvine, California-based company, which serves nearly 90% of the global population through its distribution network, disclosed the cybersecurity incident on July 5, 2025, following the discovery of...Read More

The recently emerged Bert ransomware group is actively targeting organizations in the US, Asia and Europe using multiple variants and rapidly evolving tactics to evade detection, research from Trend Micro has found. Bert has been observed targeting organizations since April 2025, with confirmed victims in sectors including healthcare, technology and event services. The group downloads...Read More