Operation Ramz Seizes Malware Servers and Arrests 201 Suspects

Operation Ramz resulted in 201 arrests during a large international cybercrime crackdown coordinated by INTERPOL across the Middle East and North Africa region. Authorities also seized 53 servers connected to phishing operations, malware activity, and online fraud campaigns targeting thousands of victims.

The operation involved law enforcement agencies from 13 countries and became the first INTERPOL cybercrime initiative of this scale conducted across the MENA region. Investigators also identified thousands of victims and hundreds of additional suspects tied to cyber-enabled criminal operations.

INTERPOL Coordinated a Major Cybercrime Operation

Operation Ramz took place between October 2025 and February 2026 and focused on disrupting phishing infrastructure, malware campaigns, financial fraud schemes, and cybercrime networks operating across multiple countries.

Participating countries included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the United Arab Emirates. INTERPOL said investigators exchanged nearly 8,000 intelligence reports and investigative data points during the operation.

Authorities also worked alongside cybersecurity companies and nonprofit threat intelligence groups to identify malicious infrastructure and compromised systems used during attacks.

The operation highlights how cybercrime investigations increasingly depend on international coordination because malicious infrastructure often spans multiple countries and hosting providers.

Authorities Seized Servers and Disrupted Fraud Networks

Investigators uncovered several major cybercrime operations during Operation Ramz. Authorities dismantled phishing platforms, disabled malware infrastructure, and seized servers connected to credential theft and online fraud activity.

In Algeria, authorities reportedly dismantled a phishing-as-a-service platform and arrested a suspect connected to the operation. Moroccan investigators seized electronic devices and storage systems containing phishing software and banking-related information.

Authorities in Oman disabled a compromised server reportedly containing sensitive information while also suffering from multiple security vulnerabilities. Investigators in Qatar identified infected devices that were unknowingly being used to spread malicious activity.

Jordanian authorities also uncovered a fraudulent investment operation tied to online financial scams. Investigators later determined that several individuals involved in the scheme were themselves victims of human trafficking after being recruited through false job offers.

Cybercrime Networks Continue Expanding

Operation Ramz demonstrates how phishing operations, malware distribution networks, and online fraud campaigns continue expanding globally. Cybercriminal groups increasingly rely on phishing kits, malware-as-a-service platforms, and compromised infrastructure to scale attacks quickly across regions.

Security researchers warn that modern cybercrime operations frequently abuse cloud services, hijacked servers, and compromised consumer devices to hide malicious activity. This creates significant challenges for law enforcement agencies attempting to track infrastructure across multiple jurisdictions.

INTERPOL said international intelligence sharing remains critical for disrupting cybercrime networks operating beyond national borders. Investigators believe multinational operations like Operation Ramz will become increasingly important as cybercrime groups continue expanding globally.

The operation also shows how public-private cooperation between law enforcement agencies and cybersecurity firms now plays a major role in identifying malicious infrastructure and preventing large-scale attacks.

Conclusion

Operation Ramz became one of the largest coordinated cybercrime crackdowns conducted across the MENA region. Authorities arrested 201 suspects, seized 53 servers, and disrupted phishing, malware, and fraud operations affecting thousands of victims.

The operation also highlights the growing importance of international cooperation in modern cybercrime investigations. As phishing campaigns and malware networks continue evolving across borders, global intelligence sharing and coordinated enforcement actions remain critical for disrupting cybercriminal infrastructure.