Article Details

Ransomware gang sets deadline to leak 3.5 TB of Ingram Micro data. Distie insists global operations restored despite some websites only now coming back online. The cybercriminals claiming responsibility for Ingram Micro's ransomware attack put a deadline on leaking its data nearly a month after the raid. The SafePay ransomware group posted Ingram Micro to its leak blog on July 29, saying it intends to release 3.5 TB of company data on August 1. In typical double extortion ransomware scenarios, attackers post information about the victim to a leak blog as a pressure tactic. The idea is to heighten publicity about the attack, encouraging the victim to pay the attacker's extortion demands. Ingram Micro confirms ransomware behind multi-day outage Although Ingram Micro previously said it had contained the incident, its appearance on SafePay's website suggests that – if it was being extorted as per the ransomware playbook – it did not pay up. The Register approached both Ingram Micro and SafePay for more information. Ingram Micro's listing on SafePay's ransomware leak site Ingram Micro has not updated its public information page about the ransomware attack since July 9, the day it says it restored global business operations. The update states: "Ingram Micro is pleased to report that we are now operational across all countries and regions where we transact business. Our teams continue to perform at a swift pace to serve and support our customers and vendor partners. "We are grateful for the support we've received from our customers and industry colleagues. This is an industry based on strong and committed relationships that make all the difference." Sources who spoke to The Register at the time of the attack complained about the company's communications and not knowing where to look for information. Websites still being restored Infosec watchers also spotted the distie restoring some of its lesser-used websites this week, which had remained offline since the attack. Ingram Micro restored its Middle East, Turkey, and Africa (META) security website, which it uses to promote consultancy and training services, and security solutions. It is now back up and running, although some assets are still not loading due to certain subdomains not being found, and the content does not appear to have been updated in years.