Information technology products and services giant Ingram Micro Holding Corp. has confirmed that it was targeted by a ransomware attack that resulted in disruption to its services over the July 4 long weekend.
The ransomware attack is believed to have first struck the company on July 3, when Ingram Micro’s website and ordering systems first went down. According to BleepingComputer, the attack involved the SafePay ransomware group.
SafePay first emerged in September 2024 and uses a double extortion tactic – both encrypting data and stealing it before then demanding a ransom payment to provide a decryption key and to promise not to reveal the stolen data. In a summary of the group in June, security firm Forta LLC noted that unlike many ransomware groups in 2025, SafePay designs and deploys its ransomware campaigns itself and does not rely on affiliates – a ransomware-as-a-service model – to attack potential targets.
While Ingram Micro did not confirm the type of ransomware involved, the company did say that upon learning of the issue, it took steps “to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures.” The company has also launched an investigation with leading cybersecurity experts, notified law enforcement and is working on restoring affected systems.
The ransomware attack has also raised concern among Ingram Micro’s customers, with Dark Reading reporting that one executive at a managed service provider said that they fear ransomware actors could use Ingram Micro platforms to access its network. The executive added that his company is removing third-party privileged access to its Microsoft tenant to close off the potential attack vector.
While not officially confirmed, Bleeping Computer, citing sources, also claims that the threat actors breached Ingram Micro through its GlobalProtect VPN platform.
“The attack on Ingram Micro allegedly by SafePay is another example of the preference for threat actors to use compromised credentials to penetrate proprietary systems, in this case, gaining access to the virtual private network of Ingram Micro,” Jim Routh, chief trust officer at cloud identity security and management solutions provider Saviynt Inc., told SiliconANGLE via email. “Enterprises have an opportunity to improve their identity security capabilities to resist these types of attacks in the future.”
On what may happen next, Rebecca Moody, head of data research at tech research site Comparitech, told SiliconANGLE that “SafePay is renowned for both encrypting systems and stealing data, so if ransom demands aren’t met, it’s likely we’ll see Ingram Micro popping up on SafePay’s data leak site in the coming days/weeks.”
“Over the last couple of months, SafePay has stolen an average of 111 GB of data from each victim, which can lead to significant breaches,” added Moody. “A prime example is Marlboro-Chesterfield Pathology, P.C., which was targeted by SafePay in January 2025, with the group allegedly stealing 30 GB of data. The healthcare company subsequently issued data breach notifications to nearly 236,000 people.”
Photo: Ingram Micro
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
