574 Arrests and $3 Million Recovered in Massive Public-Private Crackdown on Ransomware and BEC
Team Cymru has announced its pivotal role in Operation Sentinel, a high-impact INTERPOL initiative that has successfully neutralized multiple cybercrime networks across Africa. The month-long operation (October 27 – November 27, 2025) targeted the continent’s most aggressive digital threats: Business Email Compromise, digital extortion, and ransomware.
By combining the on-the-ground authority of law enforcement with the beyond-the-horizon visibility of private intelligence partners like Team Cymru, the operation managed to protect critical infrastructure and prevent millions in potential financial losses.
The scale of the operation underscores the growing sophistication of the African cyber-threat landscape, as detailed in INTERPOL’s 2025 Africa Cyber Threat Assessment Report.
- Total Arrests: 574 suspects across 19 countries.
- Direct Funds Recovered: Approximately $3 million USD in illicit proceeds.
- Potential Losses Prevented: An estimated $21 million USD in attempted and realized losses addressed.
- Malicious Links Removed: Over 6,000 links used for phishing and malware distribution.
- Ransomware Solutions: 6 distinct ransomware variants decrypted.
- Digital Cleanup: 4,318 social media accounts shut down (linked to extortion).
Operation Sentinel focused on rapid, technical intervention to stop financial bleeding in real-time through coordinated international efforts.
- Senegal: Authorities successfully blocked a fraudulent $7.9 million transfer targeting a major petroleum company, foiling a sophisticated BEC impersonation of company executives.
- Ghana: Law enforcement recovered nearly 30 terabytes of data for a financial institution using a custom-developed decryption tool after a massive ransomware attack.
- Benin: Executed a sweeping digital cleanup, taking down 43 malicious domains and more than 4,300 social media accounts, leading to 106 arrests.
- Nigeria & Ghana: Investigators dismantled a cross-border ghost restaurant fraud ring that used professionally designed fake websites to scam over 200 victims.
- Cameroon: Rapidly traced phishing infrastructure used in an online vehicle sales scam, resulting in immediate freezes on associated bank accounts.
The success of Operation Sentinel relied on a “Public-Private Intelligence Loop.” INTERPOL worked alongside an elite group of partners, including Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs, and Uppsala Security.
“Operations like Sentinel show the power of trusted collaboration. Cybercrime is global, but so is the community working to stop it. We’re proud to help deliver the visibility needed to protect economies, institutions, and citizens.” — Jacomo Piccolini, Manager of Outreach at Team Cymru
Neal Jetton, INTERPOL’s Director of Cybercrime, noted that these actions were crucial for protecting the digital sovereignty of African states, particularly in sensitive sectors such as energy and finance.
