Interpol’s Operation Sentinel Leads to 574 Arrests in Africa and $3 Million Recovered
In a significant crackdown on cybercrime, INTERPOL’s Operation Sentinel has resulted in the arrest of 574 individuals across 19 African nations and the recovery of $3 million. Conducted between October 27 and November 27, 2025, this coordinated effort targeted cyber offenses such as business email compromise (BEC), digital extortion, and ransomware attacks.
Participating Nations and Collaborative Efforts
The operation saw collaboration among law enforcement agencies from Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe. This collective action underscores the importance of international cooperation in combating the escalating threat of cybercrime.
Key Achievements of Operation Sentinel
– Dismantling Malicious Infrastructure: Authorities successfully took down over 6,000 malicious links and decrypted six distinct ransomware variants, though specific names of these ransomware families were not disclosed. The incidents investigated during the operation were linked to financial losses exceeding $21 million.
– Targeted Ransomware Attacks: Multiple suspects were apprehended in connection with a ransomware attack on an unnamed Ghanaian financial institution. This attack resulted in the encryption of 100 terabytes of data and the theft of approximately $120,000.
– Disruption of Cyber Fraud Networks: Ghanaian authorities dismantled a cyber fraud network operating across Ghana and Nigeria. This network defrauded over 200 victims of more than $400,000 by creating sophisticated websites and mobile applications that impersonated popular fast-food brands to collect payments for fictitious orders. The operation led to the arrest of 10 individuals, the seizure of 100 digital devices, and the takedown of 30 fraudulent servers.
– Elimination of Malicious Domains and Social Media Accounts: In Benin, law enforcement dismantled 43 malicious domains and 4,318 social media accounts used for extortion schemes and scams, culminating in the arrest of 106 individuals.
Statements from INTERPOL
Neal Jetton, INTERPOL’s Director of Cybercrime, highlighted the growing threat, stating, The scale and sophistication of cyber attacks across Africa are accelerating, especially against critical sectors like finance and energy. This statement emphasizes the urgent need for robust cybersecurity measures and international collaboration to protect critical infrastructure.
Operation Sentinel and AFJOC
Operation Sentinel is a component of the African Joint Operation against Cybercrime (AFJOC), an initiative aimed at enhancing the capabilities of national law enforcement agencies in Africa to effectively disrupt cybercriminal activities. AFJOC focuses on building a coordinated response to the evolving cyber threat landscape, ensuring that African nations are equipped to handle the complexities of modern cybercrime.
Ukrainian National Pleads Guilty to Nefilim Ransomware Attacks
In a related development, 35-year-old Ukrainian national Artem Aleksandrovych Stryzhak pleaded guilty in the United States to deploying Nefilim ransomware against companies both domestically and internationally. Stryzhak was arrested in Spain in June 2024 and extradited to the U.S. in April 2025.
Details of the Nefilim Ransomware Operation
– Collaboration with Nefilim Administrators: In June 2021, Nefilim administrators provided Stryzhak with access to the ransomware code in exchange for 20% of his ransom proceeds. Stryzhak and his associates conducted thorough research on potential victims, gaining unauthorized access to their networks and using online databases to gather information about the companies’ net worth, size, and contact details.
– Targeting High-Value Companies: Around July 2021, a Nefilim administrator encouraged Stryzhak to focus on companies in the U.S., Canada, and Australia with annual revenues exceeding $200 million. Nefilim operated under a double extortion model, pressuring victims to pay ransoms or risk having their stolen data published on a publicly accessible data leaks site known as Corporate Leaks.
Legal Proceedings and Ongoing Efforts
Stryzhak pleaded guilty to conspiracy to commit fraud related to computers in connection with his Nefilim ransomware activities. He is scheduled for sentencing on May 6, 2026, and faces a maximum penalty of 10 years in prison.
In September 2025, the U.S. Department of Justice charged another Ukrainian national, Volodymyr Viktorovich Tymoshchuk, for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations between December 2018 and October 2021. Tymoshchuk remains at large, with authorities offering an $11 million reward for information leading to his arrest or conviction. He is listed on the most wanted lists of both the U.S. Federal Bureau of Investigation (FBI) and the European Union (E.U.). Nefilim’s victims span multiple countries, including the U.S., Germany, the Netherlands, Norway, and Switzerland.
Broader Implications and the Need for Vigilance
The success of Operation Sentinel and the legal actions against individuals like Stryzhak and Tymoshchuk highlight the global nature of cybercrime and the necessity for international cooperation in addressing these threats. The increasing sophistication of cyber attacks, particularly against critical sectors such as finance and energy, underscores the importance of robust cybersecurity measures and proactive law enforcement efforts.
Conclusion
The outcomes of Operation Sentinel and related legal proceedings serve as a stark reminder of the pervasive and evolving threat posed by cybercriminals. Continued vigilance, international collaboration, and investment in cybersecurity infrastructure are essential to protect individuals, businesses, and critical infrastructure from the damaging effects of cybercrime.
