A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa.
The coordinated effort, named Operation Sentinel, took place between October 27 and November 27, 2025, and mainly focused on business email compromise (BEC), digital extortion, and ransomware on the continent.
Participating nations included Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe.
Over the course of the initiative, more than 6,000 malicious links were taken down and six distinct ransomware variants were decrypted. The names of the ransomware families were not disclosed. The investigated incidents were linked to estimated financial losses exceeding $21 million, INTERPOL added.
Multiple suspects have been arrested in connection with a ransomware attack targeting an unnamed Ghanaian financial institution that encrypted 100 terabytes of data and stole about $120,000.
In addition, Ghanaian authorities took down a cyber fraud network operating across Ghana and Nigeria that defrauded more than 200 victims of over $400,000 using well-designed websites and mobile apps, which impersonated popular fast-food brands to collect payments for fake orders.
As part of the effort, 10 individuals were apprehended, 100 digital devices were seized, and 30 fraudulent servers were taken offline.
Law enforcement from Benin also dismantled 43 malicious domains and 4,318 social media accounts that were used to further extortion schemes and scams. The operation culminated in the arrest of 106 people.
“The scale and sophistication of cyber attacks across Africa are accelerating, especially against critical sectors like finance and energy,” Neal Jetton, INTERPOL’s director of cybercrime, said.
Operation Sentinel is part of the African Joint Operation against Cybercrime (AFJOC), which aims to enhance the capabilities of national law enforcement agencies in Africa and better disrupt cybercriminal activity in the region.
Ukrainian National Pleads Guilty to Nefilim Ransomware Attacks
The disclosure comes as a 35-year-old from Ukraine pleaded guilty in the U.S. to using Nefilim ransomware to attack companies in the country and elsewhere in his capacity as an affiliate. Artem Aleksandrovych Stryzhak was arrested in Spain in June 2024 and extradited to the U.S. earlier this April.
In September, the Justice Department (DoJ) charged another Ukrainian national, Volodymyr Viktorovich Tymoshchuk, for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations between December 2018 and October 2021.
Tymoshchuk remains at large, although authorities have announced a $11 million reward for information leading to his arrest or conviction. Tymoshchuk is also on the most wanted lists of both the U.S. Federal Bureau of Investigation (FBI) and the European Union (E.U.). Nefilim’s victims span the U.S., Germany, the Netherlands, Norway, and Switzerland.
“In June 2021, Nefilim administrators gave Stryzhak access to the Nefilim ransomware code in exchange for 20 percent of his ransom proceeds,” the DoJ said. “Stryzhak and others researched potential victims after gaining unauthorized access to their networks, including by using online databases to obtain information about the companies’ net worth, size, and contact information.”
Around July 2021, a Nefilim administrator is said to have encouraged Stryzhak to target companies in the U.S., Canada, and Australia with more than $200 million dollars in annual revenue. Nefilim operated under a double extortion model, pressurizing victims to pay up or risk getting their stolen data published on a publicly accessible data leaks site known as Corporate Leaks that was maintained by the administrators.
Stryzhak pleaded guilty to conspiracy to commit fraud related to computers in connection with his Nefilim ransomware activities. He is scheduled to be sentenced on May 6, 2026. If found guilty, he faces a maximum penalty of 10 years in prison.