574 arrests, $3 million recovered in Africa-wide cybercrime crackdown

Law enforcement agencies across 19 countries arrested 574 suspects and recovered approximately $3 million during a major cybercrime operation spanning Africa.

Suspects were arrested in Ghana in connection to the cyber-fraud case, with over 100 digital devices seized. (Source: Europol)

The month-long initiative, known as Operation Sentinel (27 October–27 November), targeted three of the region’s most prevalent cybercrime threats: business email compromise (BEC), digital extortion, and ransomware. All three were identified as growing risks in INTERPOL’s 2025 Africa Cyber Threat Assessment Report.

Coordinated by INTERPOL, the operation led to the takedown of more than 6,000 malicious links and the decryption of six distinct ransomware variants. Investigations tied to the operation revealed estimated financial losses exceeding $21 million.

Quick interventions and international cooperation

In Senegal, a major petroleum company uncovered a highly sophisticated business email compromise (BEC) scheme in which attackers breached internal email systems and posed as senior executives to approve a fraudulent wire transfer worth $7.9 million. Senegalese authorities moved quickly, freezing the destination accounts and stopping the transfer before any funds could be withdrawn.

Ghana also saw multiple high-impact cases. In one incident, a financial institution was hit by a ransomware attack that encrypted roughly 100 terabytes of data and siphoned off about $120,000, disrupting critical services. Through advanced malware analysis, Ghanaian investigators identified the ransomware strain and built a decryption tool that restored nearly 30 terabytes of data. Several suspects have since been arrested.

In a separate operation, Ghanaian authorities dismantled a large cyber-fraud network operating across Ghana and Nigeria. The group targeted more than 200 victims, stealing over $400,000 by using polished websites and mobile apps that impersonated well-known fast-food brands. Customers paid for orders that never arrived. Ten suspects were arrested in Ghana, more than 100 digital devices were seized, and 30 fraudulent servers were taken offline.

Elsewhere, authorities in Benin shut down 43 malicious domains and more than 4,300 social media accounts linked to extortion schemes and online scams, resulting in 106 arrests.

In Cameroon, law enforcement responded swiftly after two victims reported being defrauded through an online vehicle sales platform. Investigators traced the phishing campaign to a compromised server and issued an emergency bank freeze within hours, preventing further losses.

“The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy. The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners. Their actions have successfully protected livelihoods, secured sensitive personal data and preserved critical infrastructure,” said Neal Jetton, INTERPOL’s Director of Cybercrime.

Operation Sentinel was made possible through close coordination with INTERPOL’s private sector partners Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs and Uppsala Security. Partnerships with private sectors provided critical technical support in tracing IP addresses utilized at various stages of the ransomware attack lifecycle and sextortion schemes, as well as assisting in freezing illicit financial assets.