Nefilim ransomware victims: INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty

INTERPOL-Led Operation Disrupts Cybercrime Networks Across Africa, Recovers $3 Million

A month-long global law enforcement effort, Operation Sentinel, led by INTERPOL and involving 19 African nations, has resulted in the arrest of 574 suspects and the recovery of $3 million in stolen funds. Conducted between October 27 and November 27, 2025, the operation targeted business email compromise (BEC), digital extortion, and ransomware schemes plaguing the continent.

Participating countries—including Nigeria, Ghana, South Africa, Kenya, and 15 others—took down over 6,000 malicious links, decrypted six ransomware variants, and dismantled cybercriminal infrastructure responsible for estimated losses exceeding $21 million. Among the key actions:

  • Ghanaian authorities arrested 10 suspects linked to a ransomware attack on an unnamed financial institution, which encrypted 100 terabytes of data and stole $120,000. The same operation also dismantled a cross-border fraud network (operating in Ghana and Nigeria) that defrauded 200+ victims of $400,000 using fake fast-food websites and apps.
  • Benin’s law enforcement seized 43 malicious domains and 4,318 social media accounts used for extortion, leading to 106 arrests.
  • 100 digital devices and 30 fraudulent servers were confiscated during raids.

"The scale and sophistication of cyber attacks across Africa are accelerating, especially against critical sectors like finance and energy," warned Neal Jetton, INTERPOL’s Director of Cybercrime. The operation falls under the African Joint Operation against Cybercrime (AFJOC), an initiative to bolster regional law enforcement capabilities.

Ukrainian Ransomware Affiliate Pleads Guilty in U.S.

Separately, Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, pleaded guilty in the U.S. to his role as an affiliate in Nefilim ransomware attacks. Arrested in Spain in June 2024 and extradited in April 2025, Stryzhak admitted to conspiring in double-extortion schemes, in which victims were pressured to pay ransoms or face public leaks of stolen data via the Corporate Leaks site.

Stryzhak gained access to Nefilim’s ransomware code in June 2021 in exchange for 20% of his ransom proceeds. He and co-conspirators targeted companies in the U.S., Canada, and Australia with annual revenues exceeding $200 million, using databases to assess victims’ financial standing. His sentencing is scheduled for May 6, 2026, with a potential 10-year prison term.

The case follows the September 2025 indictment of Volodymyr Viktorovich Tymoshchuk, another Ukrainian national accused of administering LockerGoga, MegaCortex, and Nefilim ransomware between 2018 and 2021. Tymoshchuk remains at large, with an $11 million reward offered for information leading to his arrest. He is wanted by both the FBI and the EU. Nefilim’s victims span multiple countries, including the U.S., Germany, and Norway.

Source: https://thehackernews.com/2025/12/interpol-arrests-574-in-africa.html

Cyber News Live cybersecurity rating report: https://www.rankiteo.com/company/cyber-news-live

"id": "CYB1766491454",
"linkid": "cyber-news-live",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Finance',
                        'location': 'Ghana',
                        'name': 'Unnamed Ghanaian financial institution',
                        'type': 'Financial Institution'},
                       {'customers_affected': '200+ victims',
                        'industry': 'Cybercrime',
                        'location': ['Ghana', 'Nigeria'],
                        'name': 'Fraud network (Ghana and Nigeria)',
                        'type': 'Cyber Fraud Network'},
                       {'industry': ['Finance', 'Energy', 'Other Sectors'],
                        'location': ['U.S.',
                                     'Germany',
                                     'Netherlands',
                                     'Norway',
                                     'Switzerland'],
                        'name': 'Victims of Nefilim ransomware',
                        'size': 'Companies with >$200M annual revenue',
                        'type': 'Various Companies'}],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Corporate Data',
                                              'Sensitive Financial '
                                              'Information']},
 'date_publicly_disclosed': '2025-11-27',
 'description': 'A law enforcement operation coordinated by INTERPOL, named '
                'Operation Sentinel, led to the recovery of $3 million and the '
                'arrest of 574 suspects across 19 African countries. The '
                'operation targeted business email compromise (BEC), digital '
                'extortion, and ransomware, resulting in the takedown of over '
                '6,000 malicious links, decryption of six ransomware variants, '
                'and disruption of cybercriminal networks responsible for '
                'estimated financial losses exceeding $21 million.',
 'impact': {'data_compromised': '100 terabytes (in Ghanaian financial '
                                'institution attack)',
            'financial_loss': '$21 million (estimated)'},
 'initial_access_broker': {'high_value_targets': 'Companies with >$200M annual '
                                                 'revenue'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The scale and sophistication of cyber attacks across '
                    'Africa are accelerating, especially against critical '
                    'sectors like finance and energy. Coordinated '
                    'international law enforcement efforts are essential to '
                    'disrupt cybercriminal activity.',
 'motivation': ['Financial Gain', 'Extortion'],
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_paid': '$120,000 (Ghanaian financial institution)',
                'ransomware_strain': ['Nefilim', 'Six undisclosed variants']},
 'recommendations': ['Enhance national law enforcement capabilities in Africa',
                     'Strengthen public-private partnerships to combat '
                     'cybercrime',
                     'Implement robust cybersecurity measures in critical '
                     'sectors',
                     'Increase awareness of BEC and ransomware threats'],
 'references': [{'source': 'INTERPOL'},
                {'source': 'U.S. Department of Justice'}],
 'regulatory_compliance': {'legal_actions': ['Arrests of 574 suspects',
                                             'Charges against ransomware '
                                             'affiliates']},
 'response': {'containment_measures': ['Takedown of 6,000+ malicious links',
                                       'Decryption of six ransomware variants',
                                       'Seizure of 100 digital devices',
                                       'Takedown of 30 fraudulent servers'],
              'law_enforcement_notified': True,
              'recovery_measures': ['Recovery of $3 million'],
              'third_party_assistance': 'INTERPOL, AFJOC'},
 'threat_actor': ['Cybercrime Networks',
                  'Initial Access Brokers',
                  'Ransomware Affiliates'],
 'title': 'Operation Sentinel: INTERPOL-Led Crackdown on Cybercrime Networks '
          'in Africa',
 'type': ['Business Email Compromise (BEC)', 'Digital Extortion', 'Ransomware']}