INTERPOL Operation – INTERPOL says Operation Ramz—focused on the Middle East and North Africa—led to more than 200 arrests and the seizure of 53 servers used for phishing, malware, and online fraud. The operation identified 382 additional suspects across 13 countries and links the
For more than 200 people. Operation Ramz did what cybercrime investigations rarely manage on time: it turned hidden infrastructure into seized servers and handcuffed suspects.. INTERPOL says the crackdown targeted the Middle East and North Africa. where phishing schemes and malware operations keep resurfacing in new forms.
INTERPOL reported more than 200 individuals were arrested for cybercrime activities connected to the operation’s focus.. Law enforcement also identified another 382 suspects across 13 countries: Algeria. Bahrain. Egypt. Iraq. Jordan. Lebanon. Libya. Morocco. Oman. Palestine. Qatar. Tunisia. and the UAE.
The most immediate impact for victims came from the equipment itself. Authorities seized 53 servers used for phishing, malware, and online fraud. INTERPOL links the infrastructure to at least 3,867 confirmed victims, based on nearly 8,000 intelligence packages retrieved from the seized equipment.
“The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region,” INTERPOL said in its announcement.
Several details inside the operation show how broad the criminal ecosystem was.. In Qatar, compromised devices—used unknowingly by others to spread malware—were secured.. In Jordan. investigators dismantled an investment scam operation that forced 15 trafficked workers from Asia to run fraud schemes; two organizers were arrested.. In Oman, authorities disabled a vulnerable malware-infected server containing sensitive data.. In Algeria, a phishing-as-a-service platform was shut down and one suspect was arrested.. In Morocco, devices and banking data tied to phishing operations were seized, with multiple suspects under judicial investigation.
The work wasn’t done by law enforcement alone. INTERPOL collaborated with private cybersecurity firms including Kaspersky, Group-IB, The Shadowserver Foundation, Team Cymru, and TrendAI to track the malicious infrastructure.
Operation Ramz is the third major cybercrime crackdown INTERPOL says it has concluded this year.. In March. INTERPOL announced Operation Synergia III. which involved sinkholing 45. 000 malicious IP addresses. seizing 212 devices and servers. and arresting 94 individuals across 72 countries for participating in phishing. hacking. fraud. and malware distribution.. Earlier. in February. INTERPOL said it arrested 651 suspects across 16 African countries under Operation Red Card 2.0. targeting investment fraud. mobile money scams. and fake loan apps connected to more than $45 million in losses.
What ties these operations together is the shift from “taking down one bad actor” to disrupting the infrastructure that makes scams scalable.. In Operation Ramz. that disruption came in the form of 53 seized servers and at least 3. 867 confirmed victims identified through nearly 8. 000 intelligence packages pulled from the equipment.
INTERPOL Operation Ramz phishing servers malware servers cybercrime arrests Middle East and North Africa Kaspersky Group-IB Shadowserver Foundation Team Cymru TrendAI cyber scams