In a significant law enforcement operation coordinated by INTERPOL, authorities across 19 countries have successfully arrested 574 individuals and recovered $3 million as part of an intensified effort against cybercrime networks in Africa. Dubbed Operation Sentinel, the operation took place from October 27 to November 27, 2025, focusing primarily on business email compromise (BEC), digital extortion, and ransomware incidents within the region.
Participating countries included Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, the Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe. The operation took down over 6,000 malicious links and decrypted six different ransomware variants, although the names of the ransomware families were not disclosed. According to INTERPOL, the investigated incidents are believed to have caused combined financial losses exceeding $21 million.
Among the arrests, multiple suspects were connected to a ransomware attack that targeted a Ghanaian financial institution. This breach encrypted approximately 100 terabytes of data and resulted in a loss of around $120,000. Furthermore, Ghanaian authorities dismantled a cyber fraud ring operating in Ghana and Nigeria that exploited over 200 victims, defrauding them of more than $400,000 using counterfeit websites and mobile applications impersonating well-known fast-food brands.
The crackdown also saw the arrest of ten individuals, the seizure of 100 digital devices, and the takedown of 30 fraudulent servers. In a parallel effort, authorities in Benin took down 43 malicious domains and shut down 4,318 social media accounts that facilitated extortion schemes and scams, leading to the arrest of an additional 106 people.
Neal Jetton, INTERPOL’s director of cybercrime, noted the increasing scale and sophistication of cyberattacks targeting critical sectors such as finance and energy within Africa. Operation Sentinel is part of the broader African Joint Operation against Cybercrime (AFJOC), designed to enhance the capabilities of national law enforcement agencies to combat cybercriminal activities more effectively.
Ukrainian National Arrested for Nefilim Ransomware Attacks
In related news, a 35-year-old Ukrainian national, Artem Aleksandrovych Stryzhak, pleaded guilty in the United States to his involvement in Nefilim ransomware attacks that targeted various companies domestically and internationally. Arrested in Spain in June 2024, he was subsequently extradited to the U.S. this past April.
In September, the U.S. Justice Department (DoJ) filed charges against another Ukrainian, Volodymyr Viktorovich Tymoshchuk, for his administrative role in the LockerGoga, MegaCortex, and Nefilim ransomware operations from December 2018 to October 2021. Tymoshchuk remains at large, with authorities offering an $11 million reward for information leading to his capture or conviction. He is listed on the most wanted lists of both the U.S. Federal Bureau of Investigation and the European Union, with Nefilim’s victims spanning countries including the U.S., Germany, the Netherlands, Norway, and Switzerland.
The DoJ revealed that Stryzhak was granted access to the Nefilim ransomware code in exchange for a share of the ransom proceeds. Stryzhak’s activities included gathering intelligence on potential victims by exploiting unauthorized access to their networks and leveraging online databases to assess companies’ financials and contact details. Targeting companies in the U.S., Canada, and Australia with annual revenues exceeding $200 million, Nefilim operated under a double extortion model, threatening victims with public disclosure of sensitive data unless ransoms were paid.
Stryzhak has pleaded guilty to conspiracy to commit computer-related fraud, with a sentencing date set for May 6, 2026. He faces a maximum penalty of 10 years in prison. The tactics used by these cybercriminal networks, which align with the MITRE ATT&CK framework and include initial access, credential dumping, and double extortion, demonstrate the urgent need for enhanced cybersecurity measures, particularly for businesses operating in vulnerable sectors.