INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests

INTERPOL has coordinated a first-of-its-kind cybercrime crackdown throughout the Center East and North Africa (MENA) that led to 201 arrests and the identification of an extra 382 suspects.

The initiative concerned the efforts of 13 nations from the area between October 2025 and February 2026, aiming to analyze and neutralize malicious infrastructure, arrest perpetrators behind these actions, and stop future losses.

“The operation centered on neutralizing phishing and malware threats, in addition to tackling cyber scams that inflict extreme value to the area,” INTERPOL stated in an announcement. “Along with the arrests made, 3,867 victims have been recognized, and 53 servers have been seized.”

The operation, codenamed Ramz, led to the disruption of a phishing-as-a-service (PhaaS) by Algerian authorities after its server was confiscated, together with a pc, a cell phone, and arduous drives containing phishing software program and scripts. One suspect was arrested in reference to the scheme.

Elsewhere, Moroccan officers seized computer systems, smartphones, and exterior arduous drives that contained banking information and software program used for phishing operations.

Authorities additionally recognized a reputable server situated in a non-public residence in Oman that contained delicate info. The server suffered from a number of important safety vulnerabilities and was contaminated by malware. INTERPOL stated actions have been taken to disable the server.

Lastly, Jordanian police recognized a pc that was used to run monetary fraud scams, the place unsuspecting customers have been tricked into investing their property in a seemingly reputable buying and selling platform, just for it to close down as soon as the funds have been deposited.

“A raid uncovered 15 people finishing up the scams, however investigators decided that they have been victims of human trafficking who had been recruited beneath the false promise of employment from their house nations in Asia,” INTERPOL stated.

“Upon arrival in Jordan, their passports have been confiscated, and so they have been pressured or coerced into taking part within the scheme. Two people suspected of orchestrating the operation have been arrested.”

Group-IB, which was one of many personal sector corporations that participated within the effort, stated it offered “actionable intelligence” on over 5,000 compromised accounts, together with those who have been related to authorities infrastructure, and shared particulars about energetic phishing infrastructure throughout the area.

“Cybercrime is borderless, and the one efficient response is one that’s equally borderless,” Joe Sander, CEO of Crew Cymru, stated. “Operation Ramz is precisely that sort of response, regulation enforcement and trusted private-sector companions pooling intelligence, transferring in live performance, and dismantling the infrastructure that criminals rely on.”

Nations that took half in Operation Ramz included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the U.A.E.

Sequence of Regulation Enforcement Actions

The arrests come towards the backdrop of a string of regulation enforcement actions introduced by Germany and the U.S. Division of Justice (DoJ) in current weeks –

• The sentencing of Thomasz Szabo (aka Plank, Jonah, and Cypher), 27, of Romania, to 48 months in jail for his position because the mastermind of a web-based swatting ring that focused greater than 75 public officers, 4 spiritual establishments, and a number of journalists.
• The indictment of Owe Martin Andresen (aka Speedstepper), the suspected major administrator of the illicit darknet market, Dream Market, on cash laundering costs, following his arrest in Germany final week.
• The shutdown of a relaunched model of the Crimenetwork market (it was initially dismantled in December 2024) and the arrest of a suspected administrator, a 35-year-old German citizen, on the Spanish island of Mallorca.
• The conviction of Sohaib Akhter, 34, of Alexandria, Virginia, by a federal jury for deleting 96 databases storing U.S. authorities info and stealing the plaintext password of a person who had submitted a grievance to the Equal Employment Alternative Fee’s Public Portal.
• The sentencing of Alan Invoice, 33, of Bratislava, the Slovakian Administrator of Kingdom Market, to 200 months (greater than 16 years) in jail after he pleaded responsible to a conspiracy to distribute managed substances, unlawful medicine, stolen monetary information, counterfeit paperwork, and malware earlier this January.
• The sentencing of David Jose Gomez Cegarra, 25, of Venezuela to time served and pay restitution totaling $294,820 in reference to a string of ATM jackpotting incidents between October 5 and November 11, 2024, within the U.S. states of New York, Massachusetts, and Illinois.
• The arrest of a 21-year-old from Dordrecht for his or her involvement in a device known as JokerOTP that is utilized by cybercriminals to intercept one-time passwords (OTPs) and two-factor authentication (2FA) codes for hijacking on-line accounts by impersonating trusted organizations equivalent to banks, cryptocurrency exchanges, and different main service suppliers.
• The sentencing of Marlon Ferro (aka GothFerrari), 20, of Santa Ana, California, to 78 months in jail in reference to a social engineering conspiracy that stole greater than $250 million in cryptocurrency from victims throughout the U.S. between late 2023 and early 2025.

“This [social engineering] scheme blended refined on-line fraud with old style housebreaking to empty victims of hundreds of thousands of {dollars} in digital property,” U.S. Lawyer Jeanine Ferris Pirro said.

“The conspiracy’s operatives sometimes focused people believed to carry vital cryptocurrency holdings. Its members manipulated victims into surrendering entry to their digital wallets by elaborate fraud schemes. When victims saved their cryptocurrency in {hardware} wallets, bodily gadgets that can not be accessed remotely, the enterprise turned to Ferro.”