Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

5 Things To Know On The SafePay Ransomware Group

CRN by CRN
July 7, 2025
Home News
Share on FacebookShare on Twitter


The threat group reportedly responsible for the attack against Ingram Micro is a new and highly active player in ransomware.

The threat group SafePay, which is reportedly responsible for the attack against Ingram Micro, is a new and highly active player in ransomware, according to security researchers.

IT distribution giant Ingram Micro confirmed Saturday evening that it had been impacted by a ransomware attack and that it is “working diligently to restore the affected systems so that it can process and ship orders.”

[Related: Ingram Micro Confirms Ransomware Attack, Working To Restore Systems To ‘Process And Ship Orders’]

CRN has reached out to Ingram Micro for further comment.

BleepingComputer had reported earlier on Saturday that Ingram Micro has been affected by a ransomware attack associated with the cybercriminal group known as SafePay.

Ingram Micro’s online ordering systems have been down since Thursday, according to BleepingComputer.

What follows are five things to know about the SafePay ransomware group.

A New Player

According to a June post from NCC Group, SafePay is a “newly emerging threat group” that has only been active since November 2024.

The post cited “suggestions that Safepay may be a rebrand of other well-known actors LockBit, Alph V, and INC Ransomware.”

LockBit was a highly prolific cybercriminal gang whose operations were disrupted in February 2024 by the FBI and other law enforcement agencies, while Alphv dissolved after the widely felt cyberattack against Change Healthcare.

Highly Active Group

Despite its status as a newcomer, SafePay was the most-active ransomware group in May 2025, according to the NCC Group research.

The report found that SafePay was responsible for 70 attacks in total during the month, or about 18 percent of all attacks.

If it turns out to be true that SafePay consists of members of prominent former ransomware groups such as LockBit and Alphv, “it would explain how a new group was able to attack in high volumes and at speed, as they would in fact be well-resourced and experienced threat actors under a new name,” NCC Group researchers said in the post.

Previous Attacks

A November 2024 incident that helped to bring SafePay to light was the ransomware attack against Microlise, a telematics provider based in the U.K. The attack reportedly included the theft of 1.2 TB of data.

Reported victims of SafePay attacks also included Marlboro-Chesterfield Pathology, an anatomic pathology lab based in North Carolina. In May, the lab disclosed that patient information for more than 200,000 patients had been compromised.

Attack Details Unclear

The specifics of the SafePay attack against Ingram Micro remain unconfirmed at this point, though BleepingComputer reported having seen a ransom note from the group.

While the site reported that it was not clear whether Ingram Micro employee devices had been encrypted, the ransom note did claim that a variety of data had been stolen in the attack — though the language may be boilerplate and not specific to the Ingram Micro incident, BleepingComputer noted.

VPN Breach Claimed

Citing sources with knowledge of the incident, BleepingComputer reported that an entry point for the ransomware attack was a compromise of the GlobalProtect VPN system used by Ingram Micro.

Palo Alto Networks, which is the maker of GlobalProtect, said in a statement provided to CRN that it is “aware of a cybersecurity incident impacting Ingram Micro and reports that mention Palo Alto Networks’ GlobalProtect VPN.”

“We are currently investigating these claims. Threat actors routinely attempt to exploit stolen credentials or network misconfigurations to gain access through VPN gateways,” the company said in the statement.



Source link

Tags: CyberattacksCybersecurity
CRN

CRN

Next Post
Robinhood stock tokens face scrutiny in the European Union after OpenAI warning

Robinhood stock tokens face scrutiny in the European Union after OpenAI warning

Recommended.

Arasan anuncia la disponibilidad inmediata de su IP total para USB2 integrado (eUSB2) con controlador y PHY

Arasan anuncia la disponibilidad inmediata de su IP total para USB2 integrado (eUSB2) con controlador y PHY

July 11, 2025
À l’occasion de NAB 2026, SmallRig présente un écosystème créatif complet pour la caméra DJI Osmo Pocket 4, le projecteur RF 20C et le monopode TRIBEX

À l’occasion de NAB 2026, SmallRig présente un écosystème créatif complet pour la caméra DJI Osmo Pocket 4, le projecteur RF 20C et le monopode TRIBEX

April 21, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio