INTERPOL uncovers $120k ransomware attack on Ghanaian financial institution
27th December 2025
A Ghanaian financial institution has been left reeling after a sophisticated ransomware attack encrypted enormous volumes of data, crippled key services and siphoned thousands of dollars, according to fresh disclosures by INTERPOL.
The cyberattack came to light during Operation Sentinel, a month-long, INTERPOL-led cybercrime crackdown carried out between October 27 and November 27 across 19 African countries, targeting business email compromise, digital extortion and ransomware operations.
INTERPOL revealed that the unnamed Ghanaian institution suffered the encryption of about 100 terabytes of data, while cybercriminals stole an estimated US$120,000, significantly disrupting access to critical systems and day-to-day operations.
In response, Ghanaian authorities deployed advanced malware analysis techniques that enabled investigators to identify the specific ransomware strain used in the breach. This breakthrough led to the development of a customised decryption tool, allowing officials to recover nearly 30 terabytes of encrypted data, substantially limiting the overall damage.
INTERPOL said several suspects connected to the attack have since been arrested, with investigations ongoing to dismantle the wider criminal network behind the operation.
The Ghana case was one of hundreds uncovered under Operation Sentinel, which resulted in 574 arrests across Africa, the recovery of approximately US$3 million in illicit proceeds, and the identification of cybercrime-related losses estimated at more than US$21 million.
INTERPOL’s Director of Cybercrime, Neal Jetton, warned that cyberattacks on the continent are becoming more complex and increasingly targeted at critical sectors.
“The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy,” he said. “The results of Operation Sentinel demonstrate how coordinated action by African law enforcement agencies and international partners can protect livelihoods, secure sensitive personal data and preserve critical infrastructure.”
INTERPOL noted that the operation was conducted under the African Joint Operation against Cybercrime and supported by international partners, including private-sector cybersecurity firms that assisted in tracing malicious activity and freezing criminal assets.
The incident has reignited concerns about cybersecurity vulnerabilities within Ghana’s financial sector, prompting renewed calls for stronger digital security frameworks and sustained investment in cyber resilience as institutions increasingly become prime targets for organised cybercriminals.