The International Criminal Police Organization (INTERPOL) announced this week the successful completion of its largest cybercrime operation to date. Operation Ramz spanned across 13 countries in the Middle East and North Africa and resulted in the mass arrest of 201 individuals.
Operation Ramz, which ran from October 2025 to February 2026, focused on neutralizing phishing and malware threats while tackling cyber scams that have imposed significant financial burdens in the region.
The objectives of the operation included investigating and disrupting malicious infrastructure, identifying and apprehending suspects, and preventing future losses.
In addition to the arrests, 382 additional suspects were identified, and 53 servers were seized during the operation. A total of 3,867 victims were identified throughout the investigation.
According to INTERPOL’s statement, nearly 8,000 critical pieces of data and intelligence were shared among the participating countries to facilitate ongoing investigations.
INTERPOL collaborated with several cybersecurity partners during the operation, including Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru, and TrendAI, to track malicious cyber activities and pinpoint compromised servers.
Operation Ramz highlights
As part of Operation Ramz, infected devices in Qatar were identified and used to spread threats without the owners’ awareness. Following the investigation, the affected systems were promptly secured, and the owners were notified to take necessary preventive measures.
In Jordan, police uncovered a financial fraud operation involving a fake trading platform. Fifteen individuals involved were identified as victims of human trafficking, and two suspected organizers were arrested.
Omani investigators discovered a vulnerable server located in a private residence that contained sensitive information. This server was infected with malware and had critical security flaws, leading authorities to disable it.
Algerian authorities dismantled a phishing-as-a-service website, seizing a server, computer, phone, hard drives, and phishing scripts.
Moroccan authorities seized devices and banking data linked to phishing operations, resulting in three individuals facing judicial proceedings, with further investigations ongoing for others.
Neal Jetton, the Director of Cybercrime at INTERPOL, stated in the INTERPOL statement summarizing the operation, “In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration.”
He added, “INTERPOL is dedicated to working with its member countries and private sector partners to dismantle malicious infrastructure, disrupt criminal groups, and bring perpetrators to justice.”
