INTERPOL Operation Ramz: 201 Arrests in MENA Cybercrime Crackdown

INTERPOL's Operation Ramz has concluded with a significant blow to cybercriminal operations across the Middle East and North Africa (MENA) region. The coordinated crackdown, spanning October 2025 to February 2026, resulted in 201 arrests and the identification of 382 additional suspects across 13 countries. The operation specifically targeted phishing-as-a-service (PhaaS) platforms, malware infrastructure, and cyber fraud schemes that have inflicted severe financial losses on regional victims. Authorities seized 53 servers and identified 3,867 victims during the investigation, demonstrating the extensive reach of these criminal networks. Organizations concerned about their exposure to such threats can utilize email breach checker to determine if their credentials have been compromised in similar incidents.

Algerian authorities achieved a major victory by disrupting a phishing-as-a-service operation after confiscating the operation's server along with a computer, mobile phone, and hard drives containing phishing software and scripts. One suspect was arrested in connection with this scheme. Moroccan officials similarly seized computers, smartphones, and external hard drives containing banking data and specialized phishing software used to target financial institutions. In Oman, investigators discovered a legitimate server located in a private residence that had been compromised with multiple critical security vulnerabilities and infected with malware. Security teams can use port scanner to identify exposed services that could be exploited by threat actors in similar scenarios.

The Jordanian case revealed a particularly disturbing aspect of cybercrime operations. Police identified a computer used to orchestrate financial fraud scams, luring unsuspecting users to invest in a fraudulent trading platform that would shut down once funds were deposited. A raid uncovered 15 individuals conducting the scams, but investigators determined they were victims of human trafficking recruited under false employment promises from Asian countries. Upon arrival in Jordan, their passports were confiscated, and they were coerced into participating. Two suspected organizers were arrested. Private sector participants like Group-IB contributed actionable intelligence on over 5,000 compromised accounts, including those associated with government infrastructure, while Team Cymru CEO Joe Sander emphasized that "cybercrime is borderless, and the only effective response is one that is equally borderless." Organizations can assess their attack surface using SSL/TLS checker to ensure proper encryption configurations that may prevent some of these attack vectors.