Ingram Micro is a major distributor to technology companies with offices in the Middle East. Pawan Singh / The National
Ingram Micro is a major distributor to technology companies with offices in the Middle East. Pawan Singh / The National
Ingram Micro is a major distributor to technology companies with offices in the Middle East. Pawan Singh / The National
Ingram Micro is a major distributor to technology companies with offices in the Middle East. Pawan Singh / The National

Future

Technology

Ingram Micro cyber attack leads to concerns over Middle East fallout

IT distributor has agreements in UAE and Egypt with sellers including Cisco, Acronis, Red Hat and Nvidia

Dana Alomar
Dana Alomar

July 06, 2025

  • English
  • Arabic

A ransomware attack on Ingram Micro, one of the world’s largest IT distributors, has raised concerns about potential knock-on effects in the Middle East and North Africa region, where the company plays a critical role in supporting regional tech infrastructure.

The attack, which began on Thursday, has disrupted the company’s global operations, with online ordering systems, internal tools, and customer services affected across several regions.

The culprit has been identified as the ransomware group SafePay, which is demanding payment in exchange for the restoration of systems.

While Ingram Micro has not confirmed any affect on its Mena operations, the company maintains a significant presence in the region, with offices and distribution hubs in the UAE, Saudi Arabia, Egypt and other important markets.

Notable regional clients span major industries. In Saudi Arabia, for instance, Ingram Micro delivers solutions for cloud, Cisco networking, Dell Technologies infrastructure and IBM systems to leading enterprises and government bodies.

In Egypt and the UAE, the company has distribution agreements with vendors like Cisco, Acronis, Red Hat, SonicWall and Nvidia, serving sectors including finance, health care, telecom and public administration.

It supplies a wide range of enterprise software, hardware, cloud solutions and IT services to hundreds of regional resellers, systems integrators and corporate clients.

Mena vulnerabilities

Mohamed Amine Belarbi, founder and chief executive of Cypherleak.com, said the attack “underscores a growing and deeply concerning trend: cyber criminals targeting critical nodes in the global IT supply chain”.

He added that for the Middle East, where Ingram Micro maintains a strong operational footprint, the fallout could be significant.

“Many regional value-added resellers, system integrators, and cloud service providers rely on Ingram Micro’s infrastructure to source, deploy and support core technology solutions.”

The Middle East has experienced similar ransomware threats in recent years.

In 2023, UAE telecoms operator Etisalat was listed by the LockBit ransomware group, which claimed to have stolen sensitive corporate data.

That same year, cyber attacks on Mena organisations surged by 68 per cent, with the Gulf alone recording more than 50 ransomware incidents across various sectors, including finance, health care, real estate and energy, according to Group-IB.

In 2022, Moorfields Eye Hospital Dubai was also targeted in a ransomware attack that encrypted internal data, although patient care remained unaffected.

These incidents demonstrate how ransomware continues to exploit weak links in the region’s digital infrastructure, particularly through third-party sellers.

In a statement addressing the continuing system power cut, Ingram Micro confirmed it had recently identified ransomware on specific internal systems.

The company said it acted promptly by taking affected systems offline, securing its IT environment and initiating mitigation measures.

The statement said that the company “launched an investigation with the assistance of leading cyber security experts and notified law enforcement”.

Ingram Micro added that it is “working diligently to restore the affected systems so that it can process and ship orders”, and apologised for any disruption caused to its customers, sellers and partners.

No specific customer or partner data breaches have been reported so far.

However, the continuing disruption highlights the vulnerability of global technology supply chains and their potential to affect businesses far beyond the immediate blast radius.

A sustained disruption, according to Mr Belarbi, affects more than logistics. “It can stall key public and private sector digital transformation projects, delay government IT procurement cycles, and hinder the roll-out of mission-critical systems across sectors like finance, energy and health care,” he said.

He added that these are not just operational delays. “They translate into real cyber security vulnerabilities as organisations stretch resources and scramble for alternatives.”

Ingram Micro is often described as the “backbone” of enterprise IT procurement, and its regional footprint has grown in recent years amid increased demand for digital infrastructure across the Gulf.

It partners with major global sellers, including Microsoft, Cisco, Dell Technologies and HP, distributing their products and services to businesses in the Mena region.

Ingram Micro has not yet responded to The National’s request for comment regarding the status of its Mena operations.

Regional readiness

The SafePay group, which emerged in 2023, is known for attacking large, high-value corporate victims and using double extortion tactics, and demanding payment not only to decrypt systems but also to prevent the release of stolen data.

According to a March report from Cyfirma, SafePay was among the fastest-growing ransomware threats, with its activity surging by 223 per cent, marking it as one of the most rapidly escalating groups in the cyber crime landscape.

“This incident is a wake-up call for Middle Eastern enterprises to rigorously vet the cyber resilience of their upstream vendors and distribution partners,” Mr Belarbi said.

“As the region positions itself as a global tech and innovation hub, supply chain cyber security must become a boardroom issue, not just an IT one.”

The scale and duration of the Ingram Micro incident have underscored the risks that ransomware poses to core digital infrastructure, particularly when it is embedded across several geographies.

While the Mena region has not reported confirmed power cuts, the full extent of the affect may not be clear until operations are fully restored.

Cyber attacks in the region

The incident follows a broader pattern of cyber attacks in the region, including a February breach at cryptocurrency exchange Bybit.

Hackers exploited a vulnerability in a third-party seller to access user data and personal documents uploaded during the platform’s identity verification process.

Although Bybit said no customer funds were stolen, the attack highlighted how even regulated, high-profile digital platforms can be compromised through weak links in their extended supply chains.

Such cases have renewed calls for stronger seller vetting, endpoint security and regional enforcement around digital supply chain protections.

Crime%20Wave
%3Cp%3EHeavyweight%20boxer%20Fury%20revealed%20on%20Sunday%20his%20cousin%20had%20been%20%E2%80%9Cstabbed%20in%20the%20neck%E2%80%9D%20and%20called%20on%20the%20courts%20to%20address%20the%20wave%20of%20more%20sentencing%20of%20offenders.%26nbsp%3B%3C%2Fp%3E%0A%3Cp%3ERico%20Burton%2C%2031%2C%20was%20found%20with%20stab%20wounds%20at%20around%203am%20on%20Sunday%20in%20Goose%20Green%2C%20Altrincham%20and%20subsequently%20died%20of%20his%20injuries.%3C%2Fp%3E%0A%3Cp%3E%26nbsp%3B%E2%80%9CMy%20cousin%20was%20murdered%20last%20night%2C%20stabbed%20in%20the%20neck%20this%20is%20becoming%20ridiculous%20%E2%80%A6%20idiots%20carry%20knives.%20This%20needs%20to%20stop%2C%E2%80%9D%0D%20Fury%20said.%20%E2%80%9CAsap%2C%20UK%20government%20needs%20to%20bring%20higher%20sentencing%20for%20knife%20crime%2C%20it%E2%80%99s%20a%20pandemic%20%26amp%3B%20you%20don%E2%80%99t%20know%20how%20bad%20it%20is%20until%20%5Bit%E2%80%99s%5D%201%20of%20your%20own!%3C%2Fp%3E%0A

Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.

Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.

Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.

Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.

“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.

Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.

From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.

Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.

BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.

Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.

Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.

“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.

Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.

“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.

“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”

The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”

Updated: July 07, 2025, 10:06 AM
TechnologyCyber crime