An international law enforcement operation coordinated by INTERPOL has successfully recovered $3 million and led to the arrest of 574 individuals across 19 African nations, marking a significant stride in the ongoing crackdown on sophisticated cybercrime networks operating on the continent. The operation, dubbed Operation Sentinel, targeted prevalent threats such as business email compromise (BEC), digital extortion, and ransomware. This collaborative effort underscores the growing urgency to combat increasingly complex digital threats.
Operation Sentinel ran from October 27 to November 27, 2025, and involved law enforcement agencies from Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe. During the operation, authorities dismantled over 6,000 malicious links and successfully decrypted six different ransomware variants, though the specific families were not disclosed. The investigated incidents were linked to potential financial losses exceeding $21 million, according to INTERPOL.
African Cybercrime Crackdown Yields Major Arrests and Recoveries
The coordinated sting operations yielded several notable successes. In one instance, authorities arrested multiple suspects in connection with a ransomware attack that crippled an unnamed Ghanaian financial institution. This attack encrypted an estimated 100 terabytes of data and resulted in approximately $120,000 in losses. The operation also saw Ghanaian authorities dismantle a cyber fraud network that spanned both Ghana and Nigeria, defrauding over 200 victims of more than $400,000.
This fraudulent network employed highly convincing websites and mobile applications that mimicked popular fast-food brands to process payments for non-existent orders. The takedown resulted in the apprehension of 10 individuals, the seizure of 100 digital devices, and the deactivation of 30 fraudulent servers. In a separate operation, law enforcement in Benin disrupted 43 malicious domains and deactivated 4,318 social media accounts that were instrumental in facilitating extortion schemes and online scams. This effort culminated in the arrest of 106 suspects, highlighting the pervasive nature of these criminal enterprises.
Neal Jetton, INTERPOL’s director of cybercrime, emphasized the escalating threat, stating, “The scale and sophistication of cyber attacks across Africa are accelerating, especially against critical sectors like finance and energy.” Operation Sentinel is a key component of the African Joint Operation against Cybercrime (AFJOC), an initiative designed to bolster the capabilities of national law enforcement agencies across Africa and enhance their ability to disrupt cybercriminal activities in the region.
Global Efforts Target Ransomware Operations
Meanwhile, international efforts against ransomware have also seen significant developments. In the United States, a 35-year-old Ukrainian national, Artem Aleksandrovych Stryzhak, pleaded guilty to deploying Nefilim ransomware. Stryzhak acted as an affiliate, attacking companies both domestically and internationally. He was apprehended in Spain in June 2024 and subsequently extradited to the U.S. in April.
This development follows charges brought by the U.S. Department of Justice (DoJ) in September against another Ukrainian national, Volodymyr Viktorovich Tymoshchuk. Tymoshchuk is accused of orchestrating the LockerGoga, MegaCortex, and Nefilim ransomware operations between December 2018 and October 2021. He remains at large, with U.S. authorities offering a $11 million reward for information leading to his arrest or conviction. Tymoshchuk is also listed on the most wanted lists of the U.S. Federal Bureau of Investigation (FBI) and the European Union (EU). Nefilim victims have been identified across the U.S., Germany, the Netherlands, Norway, and Switzerland.
According to the DoJ, Stryzhak gained access to the Nefilim ransomware code in June 2021 in exchange for a 20% share of ransom payments. He and his accomplices reportedly researched potential targets by accessing their networks without authorization and utilizing online databases to gather information on company valuations, size, and contact details. Nefilim operated on a double extortion model, threatening to publish stolen data on a public data leak site known as Corporate Leaks if victims refused to pay ransoms.
Stryzhak’s guilty plea was for conspiracy to commit computer fraud, directly related to his activities with Nefilim ransomware. His sentencing is scheduled for May 6, 2026, and he faces a maximum penalty of 10 years in prison if found guilty. The ongoing investigations and prosecutions, both in Africa and globally, signal a continued commitment to tackling the pervasive challenges posed by cyber threats and digital extortion.