201 arrests, 53 servers seized and nearly 4,000 victims tied to criminal activity — that is the tally Interpol released after a four‑month, region‑wide sweep that it calls the first large‑scale effort of its kind in the Middle East and North Africa.
Operation Ramz: scope, timeline and headline results
Interpol coordinated Operation Ramz with 13 countries across the Middle East and North Africa over a four‑month period ending in February. The law enforcement campaign identified 382 suspects, led to 201 arrests, seized 53 servers and disrupted multiple cybercrime services, Interpol said. Authorities attributed the various malicious activities to nearly 4,000 victims. Investigators also gathered almost 8,000 pieces of data that were shared among participating countries to support ongoing probes.
“In a world where cybercriminals exploit the digital landscape without borders, Operation Rams demonstrates the effectiveness of global collaboration,” Neal Jetton, Interpol’s director of cybercrime, said in a statement.
Country actions: Jordan, Algeria, Morocco, Oman and Qatar
- Jordan: Police tracked down a computer involved in financial fraud scams and, during a raid, found 15 people carrying out the scams who were later determined to be victims of human trafficking. Officials said the victims had been recruited under false promises of employment from their home countries in Asia and had their passports confiscated upon arrival in Jordan. A pair of ringleaders who forced or coerced the victims were arrested, according to Interpol.
- Algeria: Authorities dismantled a phishing service by seizing a server and other devices linked to the operation.
- Morocco: Moroccan officials seized multiple devices containing banking data and software used for phishing operations.
- Oman: Investigators remediated a server that contained sensitive information, saying it had been infected with malware and compromised by vulnerabilities.
- Qatar: Investigators identified and secured multiple compromised devices that were being used, unbeknownst to their owners, to spread malicious threats.
Public–private collaborators and the data backbone
Interpol said multiple companies and organizations supported the effort by helping to track illegal cyber activities and identify malicious servers. Named partners included Group‑IB, Kaspersky, the Shadowserver Foundation, Team Cymru and Trend Micro. The operation pooled nearly 8,000 pieces of data for sharing among the participating countries — a raw information stream used to support arrests, server seizures and remediation actions.
Operation Ramz was supported by Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia and the United Arab Emirates.
Measured impacts: infrastructure takedowns and human harm
Interpol framed the campaign as both an infrastructure takedown and a victim‑centred enforcement action. On the infrastructure side, authorities seized 53 servers and disrupted multiple services, including phishing platforms and malware‑infected systems. On the human side, the Jordan raid exposed a trafficking ring that recruited victims from Asia, confiscated their passports and coerced them into financial fraud schemes — and resulted in arrests of the alleged ringleaders.
What this means for technologists, policymakers, and affected enterprises
- Technologists and security teams: The operation’s collection and sharing of almost 8,000 pieces of data and the remediation of compromised servers in Oman and Qatar point to the value of cross‑border telemetry and collaborative clean‑up; teams will rely on such shared indicators to prioritize patching, remove malware and block phishing infrastructure.
- Policymakers and law enforcement coordinators: Interpol’s characterization of Operation Ramz as a first large‑scale regional effort underscores how multinational coordination and private‑sector partnerships are being used to pursue transnational cybercrime and associated human‑trafficking crimes.
- Affected enterprises and payment processors: Seizures of devices containing banking data and phishing software in Morocco signal ongoing exposure risks for financial data and the need to monitor for infrastructure used to harvest credentials or propagate fraud.
Interpol concluded the public summary by emphasizing partnership and follow‑through. “Interpol is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice,” Jetton said.
The operation raises concrete operational questions — how the shared dataset will be used to prevent recurrences, how prosecutions and victim support will proceed in each jurisdiction, and whether similar regional sweeps will follow — but the immediate outcome is clear: cross‑border intelligence, private‑sector feeds and coordinated raids produced arrests, server seizures and remediation across 13 countries.




