Interpol sweep takes down cybercrooks in 19 countries

A ‘very good thing’: The fact that the same operation broke ransomware operations and a business email compromise (BEC) operation is “unique,” said DiMaggio, because most people think of Africa as the source of BEC and fraud scams.

The fact that authorities are working to disrupt ransomware operations in Africa before they grow to the size of those run by gangs in other areas of the world “is a very good thing,” he said. Africa is “a few steps behind where the Russian ransomware scene is,” so targeting gangs there now before they grow bigger is important, he said.

The breaking of a BEC operation could also be significant, he added, because, in aggregate, crooks around the world pull in more money from business email scams than from ransomware, DiMaggio said.

Operation Sentinel is the second major anti-cybercrime operation in Africa this year. In August, Interpol announced the second stage of Operation Serengeti that saw the arrest of 1,209 people, the dismantling of over 11,400 malicious IT infrastructures, and the recovery of just over $97 million. This operation also dealt with high-impact cybercrimes including ransomware, online scams, and BEC scams.

Other enforcement efforts: These operations were among significant moves against threat actors globally in 2025.

Operation Endgame, an ongoing international anti-botnet effort coordinated by Europol, went after threat actors subscribing to the Smokeloader pay-per-install botnet, took down some 300 servers behind the malware used to distribute ransomware, and, in November, took down or disrupted 1,025 servers including the Elysium botnet, the enabler of the Rhadamanthys infostealer and VenomRAT remote access trojan.

Separately, authorities in the US, Finland, and the Netherlands teamed up to take down AVCheck, one of the largest counter-antivirus services used by criminals around the world.

As well, the Five Eyes intelligence sharing group, consisting of the US, the UK, Canada, Australia, and New Zealand, accused China of supporting threat actors who are attacking critical infrastructure in a number of countries, and Microsoft got a court order allowing it to seize and block 2,300 domains behind the distribution of another infostealer, Lumma Stealer.

An uphill battle: Ed Dubrovsky, chief operating officer of incident response firm Cypfer, said the breaking of six ransomware strains is good news. But, he added, the cybercrime industry is more than ever focused on data theft as opposed to data encryption, and in some cases, data destruction after theft.

“Law enforcement action against cybercrime is of critical importance,” he added. “Without some level of deterrence, and given the upside from a financial [perspective] and other motives, cybercrime would have been much more prevalent and impactful.”

“With that said, cybercrime is still a multibillion dollar market, and law enforcement suffers from limited resources and proper ongoing training. Some countries, such as the US, are far ahead of others from a sophistication and effectiveness perspective … Law enforcement is effective, partially, and in very specific areas of cybercrime, and in other areas, the effectiveness is still a work in progress.”

Some threat actors have great IT expertise, he added, and are taking advantage of AI. “Therefore, I believe law enforcement is achieving great impact in reducing cybercrime while also fighting an uphill battle.”

Attackers likely to expand efforts worldwide: Christian Leuprecht, a Canadian university professor and expert on national security, cybercrime, and money laundering, noted Africa’s population is set to double in the next 25 years, and it has the youngest population structure of any continent. The combination of a highly innovative and increasingly sophisticated workforce in some of the most politically, economically, and socially unsustainable countries in the world will be likely to generate a host of sophisticated local threat actors vying for economic survival and prosperity, with a potentially global reach. For now, he said, they are going after local targets, likely because they’re less resilient to attack and exploitation. But as local firms harden their cyber defenses, these African-based threat actors are bound to expand their operations globally. More, better, and proactive local disruption and enforcement capacity against these threat actors is critical to prevent them from becoming global in scale, he said.

“The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy,” Neal Jetton, Interpol’s director of cybercrime, said in a statement. “The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners. Their actions have successfully protected livelihoods, secured sensitive personal data, and preserved critical infrastructure.”

Operation Sentinel not only used the resources of law enforcement agencies, but also was assisted by efforts from cybersecurity companies including Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs, and Uppsala Security.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4111324/interpol-sweep-takes-down-cybercrooks-in-19-countries.html
