A significant cyberattack has targeted Ingram Micro, a major worldwide IT distribution company. The incident, which took place last week, has been connected to a ransomware distribution group called SafePay. Operations in important areas, including the US, Europe, and Asia, were disrupted by this cyberattack.
The company said it found ransomware on some of its internal systems. To stop the attack from spreading, Ingram Micro quickly shut down parts of its system. It also called in cybersecurity experts for help. Law enforcement was informed to start an investigation.
Ingram Micro said it acted fast after finding out about the breach. As a safety step, it took some systems offline. It also used other ways to limit the damage. Even so, the attack caused problems. Deliveries and operations were hit, especially in supply chains across many countries.
SafePay Claims Responsibility for the Breach
The ransomware group SafePay says it is behind the cyber attack. Experts say the hackers broke into Ingram Micro’s systems through its GlobalProtect VPN. VPNs are used to help companies connect safely to their networks. But in this case, the VPN may have given the hackers a way in.
In a ransom note reportedly sent by SafePay, the group said Ingram Micro’s IT team made errors while setting up the company’s cybersecurity systems. Because of this, the attackers were able to remain undetected within the network for a considerable amount of time. The group said they gathered a lot of sensitive information while they were inside.
Financial data, banking information, customer and personal files, court complaint records, intellectual property, and other private company documents are thought to be among the stolen data.
In the ransom note, the group said they are not politically motivated and are only seeking money. They offered to delete all the stolen data, keep the attack secret, and provide a key to unlock the encrypted files—only if Ingram Micro agrees to pay the ransom.
The group added that they would follow through on the promises made during the negotiation, if the company cooperated. However, there is no information yet on whether Ingram Micro has responded or paid any ransom.
SafePay’s Fast Rise in Global Cyber Crime
SafePay is not new to cybercrime. But it has grown very fast. The group became known in September last year. Since then, it has attacked many companies around the world. Security experts say SafePay was the fourth most active ransomware group in March this year. In that month alone, it listed 43 victims on its dark web site.
The group mainly targets companies in the US, UK, and Germany. It often attacks in waves. Sometimes, more than ten companies are hit in a single day. The hackers get into systems using weak passwords or stolen logins. These logins are often bought from the dark web. Sometimes, they are taken using harmful software called stealware.
While SafePay has attacked many types of organizations, it has focused heavily on healthcare and education. Other sectors that have fallen victim include government, finance, and IT services.
⚡ Huawei Accused of Copying Alibaba’s AI Brain — Tech War Explodes in China!
In May, a major cybersecurity firm named SafePay the most active ransomware group worldwide, with 58 claimed attacks that month. The group is known for using remote access systems like VPNs or Remote Desktop Protocol to sneak into networks before launching ransomware.
Another illustration of how ransomware groups can still target big, international corporations is the Ingram Micro attack. Although the extent of the damage is still being examined by experts, the incident has seriously disrupted deliveries and operations in three major regions.
To secure its systems and restore impacted services, Ingram Micro is currently still collaborating with experts.