Safepay hackers threaten 3.5 TB Ingram Micro data breach release.
getty
There are two cybersecurity threats that we seem unable to escape from of late: ransomware and data breaches. A recent analysis of more than 1,297 breaches revealed that data breaches increasingly drive ransomware attacks. Although there is the odd anomaly, such as the cybercriminals who threaten to permanently destroy data, the vast majority of ransomware attacks are now more focused on stealing data and using it to extort the victims than ever. “Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example,” Deepen Desai, Cybersecurity executive vice president at Zscaler, told me just this week. If you want an example of this, look no further than the Safepay ransomware hackers who have given Ingram Micro until August 1 to pay a ransom or face the publication, the group says, of 3.5 TB of stolen data. Here’s what you need to know.
Safepay Hackers Threaten To Publish 3.5 TB Of Allegedly Stolen Ingram Micro Data
Safepay is a group of ransomware hackers that first burst onto the cybercrime scene in 2024, successfully targeting at least 20 organizations. It has been reported that the group appears to “share a lot of similarities with the LockBit ransomware family,” and, as such, could be a splinter group or rebranding of the notorious threat actors. What is much clearer, however, is that like most modern ransomware threats, Safepay favors double extortion involving not only encrypting systems but holding stolen data to ransom.
On July 5, Ingram Micro, a global information technology services giant, confirmed that it had been a victim of a ransomware attack. Stating that it had “recently identified ransomware on certain of its internal systems,” Ingram Micro said it had taken “steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures.” What has been less clear, however, is what, if any, data was stolen during this attack. Updates from the company have said that it is continuing to investigate “the scope of the incident and affected data,” but had not responded to my request for a further statement at the time of publication.
The Safepay hackers claiming responsibility, however, have been more vocal. It has now been reported that the ransomware actors have a countdown clock running on their data leak site that gives August 1 as the deadline before 3.5 TB of alleged Ingram Micro stolen data will be published.
“This is a tactic threat actors use to place more pressure on victims, hoping to encourage them into paying,” Peter King, principal consultant at Acumen Cyber said, adding that “given the notice is still up on Safepay’s leak site, this suggests Ingram Micro hasn’t opted to pay.”
“Organizations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication,” Chris Hauk, a consumer privacy champion at Pixel Privacy, advised, “monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access.”
This is a developing story, and I will update it as more information, from the hackers or Ingram Micro, is forthcoming.
