Interpol’s Operation Ramz: A Landmark Crackdown on MENA Cybercrime
In an unprecedented move, INTERPOL has orchestrated a comprehensive cybercrime operation across the Middle East and North Africa (MENA), resulting in 201 arrests and the identification of 382 additional suspects. This initiative, known as Operation Ramz, spanned from October 2025 to February 2026 and involved collaboration among 13 countries in the region. The primary objectives were to dismantle malicious infrastructures, apprehend individuals behind these cyber activities, and prevent future cyber-related losses.
Neutralizing Cyber Threats
Operation Ramz concentrated on mitigating phishing and malware threats, as well as addressing cyber scams that have inflicted significant financial damage across the MENA region. INTERPOL reported that, in addition to the arrests, the operation led to the identification of 3,867 victims and the seizure of 53 servers utilized in these illicit activities.
Key Developments Across the Region
– Algeria: Authorities disrupted a phishing-as-a-service (PhaaS) operation by confiscating a server, along with a computer, mobile phone, and hard drives containing phishing software and scripts. One individual was arrested in connection with this scheme.
– Morocco: Officials seized computers, smartphones, and external hard drives containing banking data and software used for phishing operations.
– Oman: A server located in a private residence was found to contain sensitive information and was compromised by malware due to critical security vulnerabilities. Actions were taken to disable the server and secure the data.
– Qatar: Compromised devices were discovered, with owners unaware that their systems were being exploited to disseminate malicious threats. The affected machines were secured, and the owners were advised to implement appropriate security measures.
– Jordan: Police identified a computer used to conduct financial fraud scams, where victims were deceived into investing in a seemingly legitimate trading platform that ceased operations after funds were deposited. A raid uncovered 15 individuals involved in the scams; however, investigations revealed they were victims of human trafficking, coerced into participating under false employment promises. Two individuals suspected of orchestrating the operation were arrested.
Collaborative Efforts and Intelligence Sharing
Private sector entities played a crucial role in Operation Ramz. Group-IB provided actionable intelligence on over 5,000 compromised accounts, including those associated with government infrastructure, and shared details about active phishing infrastructures across the region. Joe Sander, CEO of Team Cymru, emphasized the importance of borderless collaboration in combating cybercrime, stating that Operation Ramz exemplifies the effectiveness of law enforcement and private-sector partners pooling intelligence to dismantle criminal infrastructures.
Participating Countries
The countries involved in Operation Ramz included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the United Arab Emirates.
Contextualizing Operation Ramz
Operation Ramz is part of a series of global law enforcement actions targeting cybercrime:
– Operation Secure (June 2025): INTERPOL dismantled over 20,000 malicious IP addresses linked to 69 malware variants, resulting in the seizure of 41 servers and over 100 GB of data, and the arrest of 32 suspects.
– Operation Synergia II (November 2024): This operation led to the takedown of more than 22,000 malicious servers associated with phishing, ransomware, and information-stealing malware, with 41 individuals arrested and 65 others under investigation.
– Operation Red Card 2.0 (February 2026): Focused on African cybercrime, this initiative resulted in 651 arrests and the recovery of over $4.3 million, targeting high-yield investment scams, mobile money fraud, and fraudulent mobile loan applications.
– Operation Jackal (October 2022): INTERPOL targeted the ‘Black Axe’ cybercrime organization, leading to 75 arrests and the seizure of 12,000 SIM cards and luxury assets.
– Operation Serengeti (November 2024): This operation led to 1,006 arrests across 19 African countries and the dismantling of 134,089 malicious infrastructures, addressing crimes such as ransomware, business email compromise, digital extortion, and online scams.
– Operation Synergia (February 2024): A collaborative effort that identified over 1,300 suspicious IP addresses and URLs linked to phishing, banking malware, and ransomware attacks, resulting in 31 arrests.
– Operation Nervone (July 2023): INTERPOL arrested a suspected senior member of the OPERA1ER hacking group, believed to have stolen an estimated $11 million in more than 30 attacks across 15 countries.
– Operation MORPHEUS (July 2024): A global police operation that shut down nearly 600 servers used by cybercriminal groups associated with the Cobalt Strike tool.
– Operation 16Shop (August 2023): INTERPOL dismantled the phishing-as-a-service platform ’16Shop,’ leading to three arrests and the disruption of services that compromised approximately 70,000 users across 43 countries.
Conclusion
Operation Ramz underscores the critical importance of international collaboration in combating cybercrime. By uniting law enforcement agencies and private sector partners, significant strides have been made in disrupting cybercriminal networks and safeguarding potential victims. The success of this operation serves as a testament to the effectiveness of coordinated efforts in addressing the evolving landscape of cyber threats.
