Operation Sentinel: 574 arrested in Africa-wide cybercrime sweep

A coordinated cybercrime operation across 19 African countries has resulted in 574 arrests and the recovery of approximately $3 million, according to INTERPOL. The month-long initiative, codenamed Operation Sentinel (27 October–27 November), targeted business email compromise, digital extortion, and ransomware attacks that have increasingly targeted the continent's financial and energy sectors.

The operation uncovered more than 6,000 malicious links and successfully decrypted six distinct ransomware variants, with investigations revealing estimated financial losses exceeding $21 million across the affected nations. The crackdown highlighted the growing sophistication of cybercriminal networks operating across Africa's digital infrastructure.

Background and Context

The operation focused on three cybercrime types identified as growing risks in INTERPOL's 2025 Africa Cyber Threat Assessment Report. Business email compromise schemes have proven particularly lucrative for criminal networks, with attackers increasingly targeting senior executives to authorize fraudulent transfers worth millions of dollars.

Ransomware attacks have simultaneously evolved beyond simple encryption schemes, with cybercriminals now employing double-extortion tactics—stealing sensitive data before encrypting systems and threatening to release it publicly unless demands are met. The operation's success in decrypting six ransomware variants represents a significant technical achievement for African law enforcement agencies.

Key Figures and Entities

Operation Sentinel was coordinated by INTERPOL with extensive support from private sector partners including Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs, and Uppsala Security. According to Neal Jetton, INTERPOL's Director of Cybercrime, the operation demonstrated unprecedented cooperation between African law enforcement agencies and international technical experts.

"The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy," Jetton said in a public statement. "The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners."

Legal and Financial Mechanisms

The operation employed rapid-response mechanisms to freeze illicit financial transfers, as demonstrated in Senegal where authorities intercepted a $7.9 million fraudulent wire attempt targeting a major petroleum company. Senegalese law enforcement successfully froze destination accounts before funds could be withdrawn, showcasing the effectiveness of swift inter-agency coordination.

In Ghana, investigators developed custom decryption tools to restore approximately 30 terabytes of data encrypted in a ransomware attack against a financial institution. The technical capability to reverse-engineer ransomware encryption represents a significant advancement in African cybercrime response capabilities.

International Implications and Policy Response

The operation revealed how cybercriminal networks exploit jurisdictional boundaries to maximize their operational reach, with one fraud network operating across Ghana and Nigeria targeting more than 200 victims through counterfeit fast-food applications. The cross-border nature of these schemes underscores the need for harmonized cybercrime legislation across African nations.

The successful takedown of 43 malicious domains and 4,300 social media accounts by Beninese authorities demonstrates the growing capacity of African law enforcement to combat online extortion schemes. However, the operation's findings indicate that existing regulatory frameworks may require strengthening to address the rapid evolution of cybercrime methodologies.

Sources

This report draws on official statements from INTERPOL, the 2025 Africa Cyber Threat Assessment Report, and operational details provided by participating law enforcement agencies. Additional information was sourced from partner organizations including Team Cymru, The Shadowserver Foundation, and Trend Micro regarding technical aspects of the cybercrime investigations.