SINGAPORE-The first-of-its-kind cybercrime operation in the Middle East and North Africa has resulted in 201 arrests and the identification of 382 more suspects.

Thirteen countries from the Middle East and North Africa participated in Operation Ramz (October 2025-February 28, 2026), designed to investigate and disrupt malicious infrastructure, identify and arrest suspects, and prevent future damage.

The operation is focused on eliminating phishing and malware threats while cracking down on online scams that have taken a heavy toll on the region.

In addition to the arrests, 3867 victims were identified and 53 servers were seized.

Operation Ramz marks a milestone in the first large-scale cyber operation coordinated by Interpol in the Middle East and North Africa region. In the process, nearly 8000 copies of critical data and intelligence were distributed to participating countries to initiate and support investigations.

Neil Jayton, Interpol's director of cybercrime, said:

"Operation Ramz demonstrates the effectiveness of global collaboration in a borderless world where cybercriminals take advantage of the digital environment. Interpol is committed to working with its member states and private sector partners to combat malicious infrastructure, fight criminal gangs and bring perpetrators to justice."

Nearly 8000 copies of critical data and intelligence were distributed to participating countries, including Jordan, to initiate and support investigations.

Moroccan authorities seized computers, smartphones and external hard drives containing bank data and software used for phishing.

The focus of the operation is to eliminate phishing and malware threats while combating cyber fraud.

Jordanian police located a computer used for financial fraud.

1/4

Operational Highlights

-In Qatar, the hacked equipment was confirmed by intelligence obtained through Operation Ramz. Investigators determined that the unsuspecting owners were themselves victims of cyberattacks and did not know that their devices were being used to spread malicious threats. The affected systems were immediately blocked and the device owners were notified to take the necessary precautions.

-Jordanian police located a computer used for financial fraud. Victims were persuaded to invest through what appeared to be a legitimate trading platform, but the platform shut down after the funds were deposited. The raid uncovered 15 people who carried out the scam, but investigators identified them as victims of human trafficking who had been falsely promised to be hired from their Asian home country. Upon arrival in Jordan, their passports were confiscated and they were forced or coerced into participating in the scheme. Two people suspected of planning the operation were arrested.

-Investigators in Oman found a server containing sensitive information in a private home. Although the server owner has legitimate access, the server has several critical security vulnerabilities, including malware infections. Take action to disable the server to prevent further harm.

-In Algeria, a website offering phishing services was identified and dismantled as part of Operation Ramz. After finding the suspicious server, the authorities successfully seized a server, a computer, a mobile phone and a hard drive storing phishing software and scripts. A suspect has been arrested.

-Moroccan authorities seized computers, smartphones and external hard drives containing banking data and software used for phishing. As a result, three people are undergoing judicial proceedings and the others are still under investigation.

During Operation Ramz, Interpol worked closely with its partner group, Kaspersky, the Shadow Server Foundation, Team Cymru, and TrendAI to track down illicit cyber activity and identify malicious servers.