A law enforcement operation coordinated by Interpol led to the recovery of $3 million and the arrest of 574 suspects by authorities in 19 countries as the crackdown on cybercrime networks continues in Africa.
The coordinated effort, named Operation Sentinel, ran from October 27 to November 27, 2025, and primarily focused on business email compromise (BEC), digital extortion, and ransomware on the continent.
Participating countries included Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe.
Over the course of this effort, over 6,000 malicious links were removed and six different ransomware variants were decrypted. The name of the ransomware family has not been disclosed. Interpol added that the investigated cases are associated with economic losses estimated at more than $21 million.
Suspects have been arrested in connection with a ransomware attack targeting anonymous financial institutions in Ghana that encrypted 100 terabytes of data and stole approximately $120,000.
Additionally, Ghanaian authorities have shut down a cyber fraud network operating in Ghana and Nigeria. The network defrauded more than 200 victims out of more than $400,000 using carefully designed websites and mobile apps that impersonated popular fast food brands and collected payments for fake orders.
As part of this effort, 10 people were arrested, 100 digital devices were seized, and 30 unauthorized servers were taken offline.
Benin law enforcement agencies also dismantled 43 malicious domains and 4,318 social media accounts that were used for further extortion schemes and fraud. The operation ultimately resulted in the arrest of 106 people.
Neil Jetton, director of cybercrime at Interpol, said: “The scale and sophistication of cyber-attacks is accelerating across Africa, particularly in critical sectors such as finance and energy.”
Operation Sentinel is part of the African Joint Operation Against Cybercrime (AFJOC), which aims to strengthen the capacity of African national law enforcement agencies to more effectively combat cybercrime activities in the region.
Ukrainian national pleads guilty to Nefilim ransomware attack
The disclosure comes after a 35-year-old man from Ukraine pleaded guilty in the United States to using Nefilim ransomware to attack domestic and other companies in his capacity as an affiliate. Artem Alexandrovich Stryjak was arrested in Spain in June 2024 and extradited to the United States in early April of this year.
In September, the Department of Justice (DoJ) indicted another Ukrainian, Volodymyr Viktorovich Tymoshchuk, for his role as administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations from December 2018 to October 2021.
Timoshchuk remains at large, but authorities have announced an $11 million reward for information leading to his arrest or conviction. Tymoszczuk is also on the most wanted lists of both the US Federal Bureau of Investigation (FBI) and the European Union (EU). Nephilim victims are spread across the United States, Germany, the Netherlands, Norway, and Switzerland.
“In June 2021, Nefilim administrators granted Mr. Stryzhak access to Nefilim ransomware code in exchange for 20% of the ransom proceeds,” the Justice Department said. “Mr. Stryzhak and his colleagues researched potential victims after gaining unauthorized access to their networks, including using online databases to obtain companies’ net worth, size, and contact information.”
Around July 2021, Nephilim administrators allegedly encouraged Strizak to target companies with annual revenues of $200 million or more in the United States, Canada, and Australia. Nefilim operated on a dual extortion model, pressuring victims to pay money or risk having their stolen data published on a publicly accessible data breach site known as Enterprise Leak, which was managed by the administrator.
Mr. Stryzhak pleaded guilty to conspiracy to commit computer fraud in connection with the Nefilim ransomware activity. He is scheduled to be sentenced on May 6, 2026, and if convicted, he faces up to 10 years in prison.
Source link
