Ingram Micro has confirmed a cyber attack on its systems, carried out by the emerging SafePay ransomware group. The breach, which occurred last week, disrupted operations and deliveries across key regions, including Europe, the United States, and Asia.

The IT distribution giant revealed that ransomware was detected on select internal systems. The company quickly responded by taking affected systems offline and deploying containment measures. Ingram Micro also initiated a full-scale investigation, bringing in top cybersecurity experts and notifying law enforcement authorities.

According to reports from Bleeping Computer, the SafePay group has claimed responsibility. The group allegedly exploited vulnerabilities in Ingram Micro’s GlobalProtect VPN system to gain extended access to its network. In a ransom note, SafePay criticized the company’s network setup and claimed it had accessed a trove of sensitive information — including financial data, IP, customer records, legal documents, and bank details.

SafePay offered a “mutually beneficial” resolution, proposing to delete the stolen data and provide decryption keys in exchange for payment, emphasizing their purely financial motives.

This marks another high-profile strike for SafePay, which has grown rapidly since its emergence in September. A March report by Quorum Cyber ranked SafePay as the fourth most active ransomware group globally. By May, Cyble’s analysis showed it had become the most aggressive, with 58 victims attributed to its attacks.

The group primarily targets the US, Germany, and the UK, with a strong focus on sectors like healthcare, education, government, finance, and IT. Their methods often involve compromising VPNs or remote desktop credentials acquired through malware or underground marketplaces.

As SafePay’s attacks intensify, cybersecurity experts continue to monitor its movements closely.

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: ITPro.com