A ransomware attack on Ingram Micro, one of the world’s largest IT distributors, has raised concerns about potential knock-on effects in the Middle East and North Africa region, where the company plays a critical role in supporting regional tech infrastructure.
The attack, which began on Thursday, has disrupted the company’s global operations, with online ordering systems, internal tools, and customer services affected across several regions.
The culprit has been identified as the ransomware group SafePay, which is demanding payment in exchange for the restoration of systems.
While Ingram Micro has not confirmed any affect on its Mena operations, the company maintains a significant presence in the region, with offices and distribution hubs in the UAE, Saudi Arabia, Egypt and other important markets.
Notable regional clients span major industries. In Saudi Arabia, for instance, Ingram Micro delivers solutions for cloud, Cisco networking, Dell Technologies infrastructure and IBM systems to leading enterprises and government bodies.
In Egypt and the UAE, the company has distribution agreements with vendors like Cisco, Acronis, Red Hat, SonicWall and Nvidia, serving sectors including finance, health care, telecom and public administration.
It supplies a wide range of enterprise software, hardware, cloud solutions and IT services to hundreds of regional resellers, systems integrators and corporate clients.
Mena vulnerabilities
Mohamed Amine Belarbi, founder and chief executive of Cypherleak.com, said the attack “underscores a growing and deeply concerning trend: cyber criminals targeting critical nodes in the global IT supply chain”.
He added that for the Middle East, where Ingram Micro maintains a strong operational footprint, the fallout could be significant.
“Many regional value-added resellers, system integrators, and cloud service providers rely on Ingram Micro’s infrastructure to source, deploy and support core technology solutions.”
The Middle East has experienced similar ransomware threats in recent years.
In 2023, UAE telecoms operator Etisalat was listed by the LockBit ransomware group, which claimed to have stolen sensitive corporate data.
That same year, cyber attacks on Mena organisations surged by 68 per cent, with the Gulf alone recording more than 50 ransomware incidents across various sectors, including finance, health care, real estate and energy, according to Group-IB.
In 2022, Moorfields Eye Hospital Dubai was also targeted in a ransomware attack that encrypted internal data, although patient care remained unaffected.
These incidents demonstrate how ransomware continues to exploit weak links in the region’s digital infrastructure, particularly through third-party sellers.
In a statement addressing the continuing system power cut, Ingram Micro confirmed it had recently identified ransomware on specific internal systems.
The company said it acted promptly by taking affected systems offline, securing its IT environment and initiating mitigation measures.
The statement said that the company “launched an investigation with the assistance of leading cyber security experts and notified law enforcement”.
Ingram Micro added that it is “working diligently to restore the affected systems so that it can process and ship orders”, and apologised for any disruption caused to its customers, sellers and partners.
No specific customer or partner data breaches have been reported so far.
However, the continuing disruption highlights the vulnerability of global technology supply chains and their potential to affect businesses far beyond the immediate blast radius.
A sustained disruption, according to Mr Belarbi, affects more than logistics. “It can stall key public and private sector digital transformation projects, delay government IT procurement cycles, and hinder the roll-out of mission-critical systems across sectors like finance, energy and health care,” he said.
He added that these are not just operational delays. “They translate into real cyber security vulnerabilities as organisations stretch resources and scramble for alternatives.”
Ingram Micro is often described as the “backbone” of enterprise IT procurement, and its regional footprint has grown in recent years amid increased demand for digital infrastructure across the Gulf.
It partners with major global sellers, including Microsoft, Cisco, Dell Technologies and HP, distributing their products and services to businesses in the Mena region.
Ingram Micro has not yet responded to The National’s request for comment regarding the status of its Mena operations.
Regional readiness
The SafePay group, which emerged in 2023, is known for attacking large, high-value corporate victims and using double extortion tactics, and demanding payment not only to decrypt systems but also to prevent the release of stolen data.
According to a March report from Cyfirma, SafePay was among the fastest-growing ransomware threats, with its activity surging by 223 per cent, marking it as one of the most rapidly escalating groups in the cyber crime landscape.
“This incident is a wake-up call for Middle Eastern enterprises to rigorously vet the cyber resilience of their upstream vendors and distribution partners,” Mr Belarbi said.
“As the region positions itself as a global tech and innovation hub, supply chain cyber security must become a boardroom issue, not just an IT one.”
The scale and duration of the Ingram Micro incident have underscored the risks that ransomware poses to core digital infrastructure, particularly when it is embedded across several geographies.
While the Mena region has not reported confirmed power cuts, the full extent of the affect may not be clear until operations are fully restored.
Cyber attacks in the region
The incident follows a broader pattern of cyber attacks in the region, including a February breach at cryptocurrency exchange Bybit.
Hackers exploited a vulnerability in a third-party seller to access user data and personal documents uploaded during the platform’s identity verification process.
Although Bybit said no customer funds were stolen, the attack highlighted how even regulated, high-profile digital platforms can be compromised through weak links in their extended supply chains.
Such cases have renewed calls for stronger seller vetting, endpoint security and regional enforcement around digital supply chain protections.
