Global Crackdown: INTERPOL Arrests 574 in Africa and Ukrainian Ransomware Affiliate Confesses

INTERPOL Operation Leads to Arrest of 574 Suspects in Cybercrime Crackdown in Africa

An enforcement operation coordinated by INTERPOL has resulted in the apprehension of 574 suspects and the recovery of $3 million by authorities from 19 countries in Africa. This crackdown focused on cybercrime networks engaging in activities such as business email compromise, digital extortion, and ransomware.

Participating countries in Operation Sentinel included Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe.

During the operation, over 6,000 malicious links were removed, and six ransomware variants were decrypted. The incidents investigated were associated with financial losses estimated to exceed $21 million.

Additionally, several suspects were arrested in connection with a ransomware attack on a Ghanaian financial institution that led to the encryption of 100 terabytes of data and a theft of $120,000. Ghanaian authorities also dismantled a cyber fraud network operating in Ghana and Nigeria, defrauding over 200 victims of more than $400,000.

Law enforcement efforts in Benin led to the takedown of 43 malicious domains and 4,318 social media accounts used for extortion schemes, resulting in the arrest of 106 individuals.

Neal Jetton, INTERPOL’s director of cybercrime, emphasized the increasing scale and sophistication of cyber attacks in Africa, particularly targeting critical sectors like finance and energy.

Operation Sentinel is part of the African Joint Operation against Cybercrime (AFJOC), which aims to strengthen the capabilities of national law enforcement agencies in Africa to combat cybercriminal activities effectively.

Ukrainian National Pleads Guilty to Nefilim Ransomware Attacks

In a related development, a 35-year-old Ukrainian national pleaded guilty in the U.S. for using Nefilim ransomware to target companies in the country and abroad as an affiliate. The individual, Artem Aleksandrovych Stryzhak, was arrested in Spain in June 2024 and extradited to the U.S. in April.

The Justice Department charged another Ukrainian national, Volodymyr Viktorovich Tymoshchuk, for his involvement in ransomware operations, including LockerGoga, MegaCortex, and Nefilim, between December 2018 and October 2021. Tymoshchuk, who remains at large, is wanted by authorities, with an $11 million reward announced for information leading to his arrest or conviction.

Nefilim ransomware victims span across multiple countries, including the U.S., Germany, the Netherlands, Norway, and Switzerland.

Stryzhak’s guilty plea involved conspiracy to commit computer-related fraud in connection with Nefilim ransomware activities. He is set to be sentenced on May 6, 2026, facing a maximum penalty of 10 years in prison.