Operation Sentinel: Interpol Nets 574 Arrests, Six Ransomware Strains Decrypted in Pan‑African Crackdown

What happened

Interpol led Operation Sentinel, a coordinated cybercrime enforcement effort across 19 African nations from October 27 to November 27, 2025. The operation resulted in the arrest of 574 suspects linked to business email compromise (BEC), digital extortion, and ransomware schemes. Law enforcement took down more than 6,000 malicious links, decrypted six distinct ransomware variants, and recovered approximately USD 3 million in illicit assets tied to crimes that caused an estimated USD 21 million in losses.

Who is affected

The action spanned countries including Benin, Ghana, Senegal, Nigeria, Kenya, South Africa, Uganda, and multiple others, covering major economic sectors such as energy and financial services. High‑profile incidents included blocking a nearly USD 7.9 million fraudulent BEC transfer targeting a Senegalese petroleum firm and decrypting tens of terabytes of data in a Ghanaian ransomware attack.

Why CISOs should care

This operation highlights the evolving sophistication of cybercrime and the persistent threat posed by BEC, extortion, and ransomware globally. The takedown of multiple ransomware families and large‑scale arrests demonstrate the real‑world impact of international collaboration on disrupting threat actor infrastructure and illicit finance flows. CISOs should note that such enforcement increases pressure on criminal ecosystems, potentially forcing shifts in attack patterns and targeting.

3 Practical Actions for Security Leaders

  1. Enhance Email Security Controls: Strengthen defenses against BEC with email authentication (DMARC, SPF, DKIM), anomaly detection, and user awareness training to reduce the likelihood of account compromise.
  2. Ransomware Preparedness & Response: Maintain reliable offline backups, test recovery procedures regularly, and integrate tailored decryption capabilities where available to limit operational impact.
  3. Leverage Threat Intelligence: Incorporate shared threat data and law enforcement feeds into detection platforms to proactively identify indicators of compromise (IoCs) associated with emerging ransomware variants and extortion campaigns.