INTERPOL has announced the results of Operation Ramz, a coordinated law enforcement action across the Middle East and North Africa (MENA) region that targeted widespread phishing campaigns, malware operations, and cyber fraud schemes. The operation resulted in 201 arrests and the identification of 382 additional suspects linked to cybercrime activities that caused substantial financial losses throughout the region.

The operation brought together law enforcement agencies from multiple MENA countries to disrupt organized cybercrime networks operating across national borders. These criminal groups had been conducting phishing campaigns and deploying malware to steal financial information and defraud victims on a large scale. The coordinated approach allowed authorities to track criminal infrastructure and identify key operators in multiple jurisdictions simultaneously.

Moroccan authorities played a significant role in the operation, seizing computers, smartphones, and external hard drives that contained banking data and specialized software used to conduct phishing operations. Law enforcement also took control of 53 servers that were hosting malicious infrastructure used by the criminal networks. The seized equipment and data will provide investigators with evidence to support prosecutions and potentially identify additional victims and suspects.

Authorities have identified 3,867 victims who were targeted by these cybercrime operations. The financial losses across the region were described as substantial, though specific monetary figures were not disclosed in the announcement. The victims likely include individuals and businesses who fell prey to phishing emails, fraudulent websites, or malware infections designed to steal banking credentials and other sensitive information.

Organizations and individuals in the MENA region should review their cybersecurity practices in light of this operation. Security teams should implement email filtering to block phishing attempts, deploy endpoint protection to detect malware, and conduct user awareness training on recognizing social engineering tactics. Financial institutions should monitor for unusual account activity and consider implementing additional authentication measures. Anyone who suspects they may have been victimized by phishing or fraud schemes should report the incident to local law enforcement authorities.

Source: https://www.helpnetsecurity.com/2026/05/18/interpol-mena-cybercrime-operation-ramz-201-arrests/