Ingram Micro Faces 3.5TB Data Leak Threat from SafePay Ransomware Group

 

Ingram Micro Faces 3.5TB Data Leak Threat from SafePay Ransomware Group

Some regional websites still recovering as threat actors set August 1 deadline

Cybercriminals behind the recent ransomware attack on Ingram Micro have set a deadline to leak 3.5 terabytes of stolen company data, according to a post published by the SafePay ransomware group on July 29. The attackers say they will release the trove on August 1, escalating the pressure on the global IT distributor in a classic double extortion move.

Although Ingram Micro announced on July 9 that global operations had been restored, its listing on SafePay’s leak site suggests the company may have declined to pay the ransom. This aligns with typical ransomware tactics, where victims are publicly named in a bid to force payment through reputational damage.

Ongoing Recovery and Silence from Ingram Micro

Ingram Micro has not updated its official public statement since July 9, when it declared full operational recovery. The company stated at the time:

“We are now operational across all countries and regions where we transact business. Our teams continue to perform at a swift pace to serve and support our customers and vendor partners.”

Despite this, internal sources previously expressed frustration to The Register over the lack of clear communications during the attack, leaving customers and partners uncertain about the status of services.

Regional Sites Still Coming Back Online

Security researchers and IT watchers noticed this week that some Ingram Micro regional websites, including its Middle East, Turkey, and Africa (META) security portal, only recently came back online after extended outages. While the site has been restored, parts of it remain non-functional, with broken assets and outdated content suggesting a slow and incomplete recovery process.

What’s Next?

If SafePay follows through on its threat, Ingram Micro could soon face a massive data exposure event. The exact contents of the 3.5TB cache remain unknown, but such leaks typically contain sensitive corporate, customer, and financial information — and could lead to regulatory scrutiny, litigation, and reputational harm.

Both Ingram