A coordinated law enforcement operation led by INTERPOL has resulted in the recovery of three million dollars and the sacking of 574 suspects across 19 African countries, highlighting intensified efforts to disrupt cybercrime networks operating on the continent. The initiative, known as Operation Sentinel, was conducted between October 27 and November 27, 2025, and focused primarily on business email compromise schemes, digital extortion, and ransomware activity. Authorities involved in the operation reported that the action addressed a growing wave of cyber-enabled financial crime targeting both public and private sector organizations, particularly within critical industries such as finance and energy.
Operation Sentinel brought together law enforcement agencies from Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe. During the course of the month-long effort, officials dismantled key elements of cybercriminal infrastructure, including the takedown of more than 6,000 malicious links used to distribute malware and conduct fraud. Investigators also decrypted six separate ransomware variants, although the names of the ransomware families were not publicly disclosed. INTERPOL stated that the incidents investigated during the operation were linked to estimated financial losses exceeding 21 million dollars, underscoring the scale of economic harm associated with cybercrime across the region.
Several high-profile cases were addressed during the operation. Multiple suspects were Sacked in connection with a ransomware attack on an unnamed financial institution in Ghana, where attackers encrypted approximately 100 terabytes of data and stole around 120,000 dollars. In a separate case, Ghanaian authorities dismantled a cyber fraud network operating across Ghana and Nigeria that targeted more than 200 victims. The group used professionally designed websites and mobile applications impersonating well known fast food brands to collect payments for fake orders. As part of this investigation, 10 individuals were Sacked, more than 100 digital devices were seized, and 30 fraudulent servers were taken offline. In Benin, law enforcement dismantled 43 malicious domains and disabled 4,318 social media accounts used to support extortion schemes and online scams, leading to the sacking of 106 individuals connected to those activities.
INTERPOL officials emphasized that the operation reflects an accelerating trend in both the scale and sophistication of cyber attacks across Africa. Neal Jetton, director of cybercrime at INTERPOL, noted that critical sectors such as finance and energy are increasingly targeted by organized cybercriminal groups. Operation Sentinel forms part of the African Joint Operation against Cybercrime, known as AFJOC, an initiative designed to strengthen national cybercrime capabilities and improve regional cooperation to disrupt criminal networks more effectively.
The disclosure coincided with developments outside Africa involving ransomware activity linked to the Nefilim operation. A 35 year old Ukrainian national pleaded guilty in the United States to participating in Nefilim ransomware attacks as an affiliate. Artem Aleksandrovych Stryzhak was Sacked in Spain in June 2024 and later extradited to the United States in April 2025. According to the U.S. Department of Justice, Stryzhak gained access to Nefilim ransomware code in exchange for a share of ransom proceeds and assisted in identifying potential victims based on financial data and corporate profiles. Authorities stated that he was encouraged to target large companies in the United States, Canada, and Australia using a double extortion model that involved data theft and public exposure through a leaks platform. Stryzhak is scheduled to be sentenced on May 6, 2026, and faces a maximum prison term of 10 years. The case remains linked to a broader investigation involving another Ukrainian national who is still at large and wanted by international authorities.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
