Last updated: July 5, 2026 at 9:01 AM UTC
Tag: interpol (2 articles)

Ransomware crews pose as Interpol to pressure small businesses into paying

Dark Reading reports a ransomware campaign that leans on impersonating Interpol to pressure small businesses, using straightforward social engineering rather than sophisticated tooling. By dressing up their demands as communications from the international police organization, the attackers try to intimidate owners and staff who may lack dedicated security teams into believing they are in legal trouble and paying up. The campaign spans several regions, including the United States, Europe, and the Middle East. It is a reminder that authority-themed impersonation remains effective against smaller organizations, where a convincing-looking notice can short-circuit normal caution and verification.

Check
Warn staff, especially at smaller organizations, that law-enforcement bodies like Interpol do not demand payment by email or pop-up, and that any such message should be verified through official channels before acting.
Affected
Small and mid-sized businesses without dedicated security teams, across the US, Europe, and the Middle East; attackers use Interpol-themed intimidation to rush victims into paying rather than verifying the demand's legitimacy.
Fix
Train employees to recognize authority-impersonation scams, verify any law-enforcement contact independently, maintain tested offline backups, and give staff a clear, judgment-free way to report suspicious demands before they act.

INTERPOL Operation Ramz disrupts MENA cybercrime: 201 arrests, 53 servers seized, 3,867 victims identified

INTERPOL says a coordinated operation called Ramz, run across 13 Middle East and North Africa countries, has produced 201 arrests, seized 53 servers, and identified 3,867 victims. Algerian authorities took down a phishing-as-a-service operation; Moroccan officials seized hard drives loaded with banking data and phishing kits; and Jordanian police uncovered 15 people running a fraudulent trading platform who turned out to be trafficking victims forced into the work. Group-IB and Team Cymru contributed intelligence on over 5,000 compromised accounts, including some tied to government systems. Participating countries included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE.

Check
Review phishing and credential-theft alerts for matches against the IP ranges in INTERPOL's advisory, especially for users with MENA business or travel ties.
Affected
Organizations with users, customers, or business operations in the 13 named MENA countries. Roughly 5,000 compromised accounts (including some tied to government infrastructure) were identified.
Fix
Force credential rotation for users matching the IoCs Group-IB shared. Coordinate with your local CSIRT for country-specific victim lists. Reinforce phishing-awareness training in MENA-facing teams.