INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
by Bill Toulas · BleepingComputer
More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa.
Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE).
In addition to the arrests, authorities seized 53 servers used for phishing, malware, and online fraud that affected at least 3,867 confirmed victims, as determined from nearly 8,000 intelligence packages retrieved from the equipment.
“The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region,” reads the INTERPOL announcement.
INTERPOL collaborated with several private cybersecurity firms to track the malicious infrastructure, including Kaspersky, Group-IB, The Shadowserver Foundation, Team Cymru, and TrendAI.
Some highlights of ‘Operation Ramz’ include:
- securing compromised devices unknowingly used to spread malware in Qatar
- dismantling an investment scam operation in Jordan, where 15 trafficked workers from Asia were forced to run fraud schemes; two organizers were arrested
- disabling a vulnerable malware-infected server containing sensitive data in Oman
- shutting down a phishing-as-a-service platform in Algeria and arresting one suspect
- seizing devices and banking data linked to phishing operations in Morocco, with multiple suspects under judicial investigation
This is the third major cybercrime crackdown operation INTERPOL has concluded this year.
In March, the authorities announced ‘Operation Synergia III,’ which resulted in sinkholing 45,000 malicious IP addresses, the seizure of 212 devices and servers, and the arrest of 94 individuals across 72 countries, for participating in phishing, hacking, fraud, and malware distribution.
Earlier, in February, INTERPOL announced the arrest of 651 suspects across 16 African countries, as part of ‘Operation Red Card 2.0,’ targeting investment fraud, mobile money scams, and fake loan apps linked to more than $45 million in losses.