INTERPOL Deals a Major Blow to Global Cybercrime

If you’ve ever thought cybercrime operates without real consequences, INTERPOL’s latest actions prove the opposite. In one of the largest international operations in recent years, the global police organization coordinated the arrest of 574 individuals across Africa, recovered more than $3 million, and dismantled hundreds of criminal digital infrastructures.

At TecnetOne, we analyze this case because it marks a turning point in the fight against ransomware, digital extortion, and Business Email Compromise (BEC)—threats that directly affect companies in Latin America, Europe, and the United States.

Operation Sentinel: An Unprecedented Deployment in Africa

The offensive, known as Operation Sentinel, took place between October 27 and November 27, 2025. During that month, law enforcement agencies from 19 African countries worked together to disrupt criminal networks that had operated with relative impunity for years.

Participating countries included:

1. Nigeria
   
   
2. Kenya
   
   
3. Ghana
   
   
4. South Africa
   
   
5. Senegal
   
   
6. Uganda
   
   
7. Zambia
   
   
8. Cameroon
   
   
9. Democratic Republic of the Congo

The operation focused on three major threats you’re likely already familiar with:

1. Business Email Compromise (BEC)
   
   
2. Digital extortion
   
   
3. Ransomware

Results That Speak for Themselves

The figures reveal both the scale of the problem and the impact of the crackdown:

1. 574 arrests
   
   
2. More than $3 million recovered
   
   
3. Over 6,000 malicious links taken down
   
   
4. Six ransomware variants decrypted
   
   
5. Investigated losses exceeding $21 million

Although INTERPOL did not disclose the specific ransomware families decrypted, this detail is critical: breaking ransomware encryption directly reduces attackers’ extortion power and helps future victims recover.

Learn more: Ransomware Hunters International Shuts Down Operations

Real Cases: From Banking Ransomware to Fake App Fraud

Behind the numbers are concrete cases that reveal how these criminal networks operate.

Ransomware Attack on a Financial Institution in Ghana

One of the most serious incidents investigated was a ransomware attack against a financial institution in Ghana. The attackers:

1. Encrypted 100 terabytes of data
   
   
2. Stole approximately $120,000
   
   
3. Compromised critical systems

Multiple individuals were arrested in connection with the attack, proving that even well-protected banks remain high-value targets.

Large-Scale Fraud Using Fake Websites and Apps

Another revealing case involved a criminal network operating between Ghana and Nigeria. This group:

1. Created fake websites and mobile apps
   
   
2. Impersonated well-known fast-food brands
   
   
3. Collected payments for orders that never existed

The impact was severe: over 200 victims and losses exceeding $400,000. As part of the operation:

1. 10 individuals were arrested
   
   
2. 100 digital devices were seized
   
   
3. 30 fraudulent servers were shut down

Benin: Domains and Social Media Accounts Under Criminal Control

In Benin, authorities dismantled an even broader infrastructure:

1. 43 malicious domains
   
   
2. 4,318 social media accounts
   
   
3. 106 arrests

These accounts were used for extortion, scams, and social engineering campaigns—proof that cybercrime doesn’t live only on the dark web, but also on platforms people use every day.

INTERPOL’s Message: Cybercrime Is No Longer a Minor Threat

Neal Jetton, INTERPOL’s Director of Cybercrime, was explicit:

“The scale and sophistication of cyberattacks in Africa are accelerating, particularly against critical sectors such as finance and energy.”

This warning isn’t limited to Africa. At TecnetOne, we see it daily: attacks are becoming more professional, more coordinated, and more global.

AFJOC: Cooperation as the Key to Fighting Cybercrime

Operation Sentinel is part of the African Joint Operation against Cybercrime (AFJOC) initiative. Its goals go beyond arrests:

1. Strengthening local law enforcement cyber capabilities
   
   
2. Improving international cooperation
   
   
3. Sharing real-time intelligence
   
   
4. Reducing digital impunity

This collaborative approach is essential, because cybercrime ignores borders.

Another Front: Ukrainian Ransomware and International Justice

While INTERPOL acted in Africa, another major development unfolded in the United States.

A 35-year-old Ukrainian national, Artem Aleksandrovych Stryzhak, pleaded guilty to participating as an affiliate of the Nefilim ransomware operation. He was arrested in Spain in June 2024 and extradited to the U.S. in April 2025.

How Nefilim Operated and the Double Extortion Model

If you run a business, this part matters.

Nefilim followed the double extortion model:

1. Illegally accessed the victim’s network
   
   
2. Stole sensitive data
   
   
3. Encrypted systems
   
   
4. Threatened to publish stolen data if payment was not made

Stryzhak received access to the ransomware code in exchange for 20% of the ransom payments. Before launching attacks, he researched companies using public databases to assess:

1. Revenue
   
   
2. Company size
   
   
3. Ability to pay

Targets were companies with annual revenues over $200 million in the United States, Canada, and Australia.

Similar titles: BidenCash Market Domains Seized in International Operation

What Happens Next

Stryzhak pleaded guilty to conspiracy to commit computer fraud. His sentencing is scheduled for May 6, 2026, and he faces up to 10 years in prison.

Meanwhile, another Ukrainian national, Volodymyr Tymoshchuk, alleged administrator of Nefilim and LockerGoga, remains a fugitive. Authorities are offering a $11 million reward for information leading to his capture.

What This Means for You and Your Organization

From TecnetOne’s perspective, this case leaves several clear takeaways:

1. Cybercrime does have consequences
   More attackers are being identified, arrested, and prosecuted.
   
   
2. Ransomware is an organized business
   These are not lone hackers, but structured criminal enterprises.
   
   
3. Companies remain the primary targets
   Especially those with strong financial capacity and sensitive data.
   
   
4. International cooperation works
   But prevention remains your best defense.

Conclusion: The Message Is Clear

The 574 arrests, millions recovered, and convictions of ransomware operators send a strong message: cybercrime is no longer a safe haven for attackers.

Still, you can’t rely solely on law enforcement. The key question remains: is your organization prepared to withstand an attack before it happens?

At TecnetOne, we believe modern cybersecurity isn’t just about reacting—it’s about anticipating, detecting, and resisting. Because even when criminals fall, others will always try to take their place.