On 18 May 2026, INTERPOL announced the results of Operation Ramz, a first-of-its-kind cybercrime operation across the Middle East and North Africa. The operation led to 201 arrests, the identification of 382 additional suspects, and the discovery of 3,867 victims across 13 countries.
The scale of the operation is important, but the bigger story is what it reveals about how cybercrime works today. Online scams are no longer isolated incidents carried out by individuals behind laptops. Many are part of organized, cross-border networks that use phishing, malware, fake investment platforms, compromised devices, and vulnerable servers to steal money and data.
Operation Ramz shows that fighting cybercrime now requires the same level of international cooperation as fighting drug trafficking, financial crime, or human trafficking.
What Was Operation Ramz?
Operation Ramz took place from October 2025 to 28 February 2026 and was coordinated by INTERPOL. Thirteen countries participated: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE.
The goal was to investigate and disrupt cybercrime infrastructure across the MENA region. This included identifying malicious servers, tracking suspects, protecting victims, and preventing further financial losses.
The operation focused mainly on:
- Phishing attacks
- Malware threats
- Online financial scams
- Compromised devices
- Criminal cyber infrastructure
- Phishing-as-a-service platforms
By the end of the operation, authorities had seized 53 servers and shared nearly 8,000 pieces of intelligence among participating countries.
Why This Operation Matters
Cybercrime is borderless by nature. A victim may be in one country, the server may be in another, the scammer may be operating from a third, and the stolen money may be moved through accounts across several more.
That makes cybercrime difficult to investigate using traditional law enforcement methods. Operation Ramz is significant because it shows how countries can work together to connect the pieces.
INTERPOL's Director of Cybercrime, Neal Jetton, described the operation as an example of global collaboration against criminals who exploit the digital world without borders. That point is key. Cybercriminals depend on gaps between jurisdictions. International cooperation closes those gaps.
The Main Threats Targeted
Phishing
Phishing remains one of the most common and effective forms of cybercrime. It usually involves tricking people into revealing sensitive information, such as passwords, banking details, or login credentials.
In Algeria, authorities dismantled a website offering phishing as a service. This means the site was not just running a single scam. It was providing tools, scripts, or services that allowed others to launch phishing attacks more easily.
This is a major concern because cybercrime has become increasingly commercialized. Criminals no longer need advanced technical skills to launch attacks. They can buy or rent tools from others.
Malware
Malware is malicious software designed to damage systems, steal information, spy on users, or take control of devices.
In Qatar, investigators found compromised devices that were being used to spread malicious threats. The device owners were not criminals. They were victims who did not know their computers or systems had been infected.
This highlights an important lesson: a compromised device can become part of a larger criminal network without the owner realizing it.
Online Investment Scams
One of the most serious cases came from Jordan. Police traced a computer being used in financial fraud scams. Victims were persuaded to invest through what appeared to be a legitimate trading platform. After they deposited money, the platform disappeared.
This type of scam is common because it combines professional-looking websites, fake promises of high returns, and psychological pressure. Victims often believe they are dealing with a real investment company until it is too late.
The Jordan case also revealed something even darker: 15 people found carrying out the scams were themselves victims of human trafficking. They had reportedly been recruited from Asian countries under false promises of employment, had their passports confiscated, and were forced or coerced into participating in the fraud.
This shows how cybercrime can overlap with other forms of organized crime, including exploitation and trafficking.
Key Country Highlights
Qatar
Authorities identified compromised devices being used to spread cyber threats. The owners were notified and the systems were secured. This case shows the importance of detecting infected devices before they cause wider harm.
Jordan
Police located a computer used in investment fraud scams. While 15 people were found operating the scheme, investigators determined they were victims of human trafficking. Two suspected organizers were arrested.
Oman
Investigators found a server in a private residence containing sensitive information. Although the owner had legitimate access to the data, the server had critical vulnerabilities, including malware infection. Authorities disabled the server to prevent further harm.
Algeria
A phishing-as-a-service website was identified and dismantled. Authorities seized a server, computer, mobile phone, and hard drives containing phishing tools. One suspect was arrested.
Morocco
Authorities seized computers, smartphones, and external hard drives containing banking data and phishing software. Three individuals are undergoing judicial procedures, with others still under investigation.
The Role of Private Sector Partners
Operation Ramz was not only a law enforcement effort. INTERPOL worked with several cybersecurity organizations, including Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru, and TrendAI.
This matters because private cybersecurity companies often have visibility into malware campaigns, malicious domains, botnets, phishing sites, and suspicious infrastructure. Law enforcement agencies can then use that intelligence to identify suspects, protect victims, and seize criminal assets.
Modern cybercrime investigations depend on this kind of public-private cooperation.
What Individuals Can Learn From Operation Ramz
Operation Ramz is a regional law enforcement success, but it also carries practical lessons for everyday internet users.
First, phishing remains a major threat. Be cautious with links in emails, text messages, and social media messages, especially if they ask for passwords, payment information, or urgent action.
Second, investment scams are becoming more convincing. A professional-looking website does not prove a company is legitimate. Always verify financial platforms through official regulators and trusted sources before sending money.
Third, keeping devices updated matters. Compromised devices can be used to spread malware or support criminal activity without the owner's knowledge.
Finally, cybercrime is not always what it appears to be. Some people involved in scam operations may also be victims of coercion or trafficking. That makes investigations more complex and shows why law enforcement must look beyond the surface.
What Organizations Should Take Away
Businesses, government agencies, and institutions in the MENA region should treat Operation Ramz as a warning.
Cybercriminals are actively targeting the region through phishing, malware, vulnerable servers, and financial fraud. Organizations should strengthen their defenses by improving patch management, monitoring for compromised systems, training employees to recognize phishing, and having clear incident response plans.
A single vulnerable server or infected device can expose sensitive information, damage public trust, and become part of a wider criminal operation.
A Milestone for Cybersecurity in the MENA Region
Operation Ramz was the first cyber operation of its scale coordinated by INTERPOL in the MENA region. Its results show both the size of the cybercrime problem and the value of coordinated action.
With 201 arrests, 382 suspects identified, 3,867 victims discovered, and 53 servers seized, the operation disrupted real criminal infrastructure. But it also revealed how complex cybercrime has become.
Today's cyber threats are technical, financial, social, and international all at once. Fighting them requires more than antivirus software or isolated police investigations. It requires cooperation between countries, cybersecurity experts, financial institutions, and the public.
Source: INTERPOL — 201 arrests in first-of-its-kind cybercrime operation in MENA region