LYON, France – Law enforcement in 19 countries have arrested 574 suspects and recovered approximately USD 3 million in a significant cybercrime operation across Africa.
Operation Sentinel (27 October – 27 November) focused on three prevalent crime types: business email compromise (BEC), digital extortion and ransomware, all identified as growing threats in INTERPOL’s 2025 Africa Cyber Threat Assessment Report.
During the INTERPOL-coordinated initiative, over 6,000 malicious links were taken down and six distinct ransomware variants were decrypted. The cases investigated during the month-long operation were linked to estimated financial losses exceeding USD 21 million.
Operational highlights: Quick interventions and international cooperation save USD millions
In Senegal, a major petroleum company detected a sophisticated BEC scheme in which fraudsters infiltrated internal email systems and impersonated executives to authorize a fraudulent wire transfer of USD 7.9 million. By urgently freezing destination accounts, Senegalese authorities successfully halted the transfer before funds could be withdrawn.
A Ghanaian financial institution was hit by a ransomware attack that encrypted 100 terabytes of data and stole approximately USD 120,000, disrupting critical services. Ghanaian authorities conducted advanced malware analysis, allowing them to identify the ransomware strain and develop a decryption tool that recovered nearly 30 terabytes of data. Multiple suspects have been arrested.
Ghanaian authorities also dismantled a major cyber-fraud network operating across Ghana and Nigeria that defrauded more than 200 victims of over USD 400,000. Using professionally designed websites and mobile apps, the scammers mimicked well-known fast-food brands, collecting payments but never delivering orders. Ten suspects were arrested in Ghana, with over 100 digital devices seized and 30 fraudulent servers taken offline.
In Benin, 43 malicious domains were taken down and 4,318 social media accounts linked to extortion schemes and scams were shut down, leading to 106 arrests.
Cameroonian law enforcement reacted quickly after two victims reported a scam involving an online vehicle sales platform. The phishing campaign was traced to a compromised server and an emergency bank freeze was issued within hours.
Neal Jetton, INTERPOL’s Director of Cybercrime, said:
“The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy. The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners. Their actions have successfully protected livelihoods, secured sensitive personal data and preserved critical infrastructure.”
Operation Sentinel was made possible through close coordination with INTERPOL’s private sector partners Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs and Uppsala Security. Partnerships with private sectors provided critical technical support in tracing IP addresses utilized at various stages of the ransomware attack lifecycle and sextortion schemes, as well as assisting in freezing illicit financial assets.
Notes to editors:
Operation Sentinel was held under the umbrella of the African Joint Operation against Cybercrime (AFJOC), funded by the United Kingdom’s Foreign, Commonwealth and Development Office, and through the Global Action on Cybercrime Enhanced project (GLACY-e), a joint project of the European Union and the Council of Europe.
In June, INTERPOL released the 2025 Africa Cyberthreat Assessment Report, revealing that two-thirds of surveyed African member countries said cyber-related offences make up a medium-to-high proportion of all crimes.
Participating countries: Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senega, South Africa, South Sudan, Uganda, Zambia, Zimbabwe
