Ransomware Group: SAFEPAY

VICTIM NAME: ingrammicro[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns Ingram Micro, a major global technology and supply chain services provider based in the United States. Established in 1979, Ingram Micro offers a wide range of solutions including cloud computing, mobility, and supply chain management, serving diverse markets such as IT and consumer electronics. The leak was discovered on July 29, 2025, and includes a screenshot of the affected website, illustrating potential internal references or compromised areas. The breach appears associated with the group “safepay,” indicating possibly malicious activity targeting the company’s infrastructure.

The compromised data involves a considerable amount of data extraction related to infostealer activity, with references to numerous malicious tools like Raccoon, RedLine, and others. The leak includes metadata indicating over 10,000 user accounts and multiple third-party relationships, potentially exposing sensitive information about the company’s digital environment. The leak’s contents do not specify individual PII or sensitive internal credentials but highlight the scope of the data exfiltrated. The presence of download links suggests that some of the stolen data is accessible or has been shared publicly on the dark web.