INTERPOL Operation Ramz: 201 Arrests in Landmark MENA Cybercrime Takedown

INTERPOL’s first large-scale cybercrime operation in the Middle East and North Africa (MENA) region, codenamed Operation Ramz, has resulted in 201 arrests and the identification of nearly 4,000 victims.

Conducted between October 2025 and February 2026, the operation targeted the sprawling infrastructure of phishing, malware, and financial fraud across 13 countries. Beyond the arrests, authorities identified 382 additional suspects and seized 53 servers used to facilitate global cyberattacks. This initiative marks a significant shift in regional law enforcement, moving toward a unified, intelligence-led defense against digital threats.

Regional Coordination Disrupts Phishing Infrastructure

In our observation of the operational data, the success of Operation Ramz hinged on the dissemination of nearly 8,000 pieces of intelligence among participating nations. This high-level coordination allowed local authorities to dismantle sophisticated "Phishing-as-a-Service" (PhaaS) platforms that lower the barrier to entry for novice cybercriminals.

Algerian authorities successfully dismantled a major PhaaS website, seizing hardware and software scripts used to automate credential theft. Similarly, Moroccan officials confiscated external hard drives and smartphones containing stolen banking data. When we reviewed the technical highlights, it became clear that the operation did not just target individuals but sought to "burn" the tools and servers that allow these networks to scale.

The Intersection of Human Trafficking and Cyber Fraud

One of the most sobering details documented during the crackdown occurred in Jordan. While investigating a fraudulent investment platform, police discovered that 15 individuals operating the scam were not willing participants.

Investigators determined these individuals were victims of human trafficking, recruited from Asia with promises of legitimate employment only to have their passports confiscated upon arrival. Forced into "scam factories," they were coerced into running financial fraud schemes. This discovery highlights an evolving and dangerous trend in the cybercrime landscape: the hybridization of digital fraud with physical exploitation and human rights abuses.

Securing Compromised “Zombie” Devices

Operation Ramz also addressed the passive threats posed by compromised infrastructure. In Qatar and Oman, investigators located servers and personal devices that were being used to spread malware without the owners' knowledge.

These "zombie" systems often serve as the backbone for larger botnets. In Oman, a server located in a private residence was found to have critical vulnerabilities despite the owner having legitimate access to the stored data. Law enforcement took immediate action to secure these systems, illustrating that many victims of cybercrime are unaware their hardware is being weaponized against others.

Protecting Yourself from Evolving Scams

The sheer volume of seized banking data in Morocco and phishing scripts in Algeria serves as a reminder of how prevalent social engineering has become. Cybercriminals frequently use "unusual activity" alerts to induce panic and trick users into revealing credentials.

To defend against these tactics, it is critical to recognize the signs of a phishing attempt. If you receive an unexpected email claiming your account has been compromised, do not click the provided links. Instead, navigate directly to the official website of the service in question. For those concerned about ongoing threats, reviewing specialized resources on identifying and removing unusual email scams can provide an extra layer of technical defense.

Global Partnerships and Future Outlook

Neal Jetton, INTERPOL’s Director of Cybercrime, stated that Operation Ramz demonstrates the "effectiveness of global collaboration" in a borderless digital landscape. The operation was supported by private-sector partners including Kaspersky, Group-IB, and Team Cymru, who provided the "internet-scale visibility" necessary to track malicious servers across different jurisdictions.

The participating countries—including Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE—have established a new precedent for regional security. As cybercrime continues to cost the global economy trillions annually, the clinical, multi-national approach seen in Operation Ramz is likely to become the standard for future law enforcement actions.

Quick Facts: Operation Ramz

• Participating Countries: 13 (MENA region)

• Arrests Made: 201

• Suspects Identified: 382

• Victims Identified: 3,867

• Servers Seized: 53

• Intelligence Pieces Shared: ~8,000