A Ghanaian financial institution was hit by a major ransomware attack that encrypted vast volumes of data and disrupted critical services, INTERPOL has disclosed.

The incident emerged during Operation Sentinel, a coordinated cybercrime crackdown led by INTERPOL between October 27 and November 27 across 19 African countries, targeting business email compromise, digital extortion and ransomware schemes.

According to INTERPOL, the ransomware attack on the Ghanaian institution (name withheld) resulted in the encryption of 100 terabytes of data and the theft of approximately USD 120,000, severely affecting operations and access to sensitive systems.

Ghanaian authorities responded with advanced malware analysis, which enabled investigators to identify the specific ransomware strain used in the attack. This led to the development of a decryption tool that successfully recovered nearly 30 terabytes of encrypted data, significantly reducing the damage caused.

INTERPOL said multiple suspects linked to the attack have been arrested, as investigations continue into the wider criminal network behind the breach.

The case formed part of a broader operation that led to 574 arrests across Africa and the recovery of about USD 3 million in illicit proceeds, with financial losses linked to the investigated cases estimated at more than USD 21 million.

Neal Jetton, INTERPOL’s Director of Cybercrime, warned of the increasing sophistication of cyberattacks across the continent, particularly against essential sectors such as finance and energy.

“The scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy. The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners. Their actions have successfully protected livelihoods, secured sensitive personal data and preserved critical infrastructure,” he said.

INTERPOL noted that Operation Sentinel was conducted under the African Joint Operation against Cybercrime and supported by international partners, including private sector cybersecurity firms that provided technical assistance in tracing malicious activity and freezing illicit financial assets.

The attack has renewed calls for stronger cybersecurity frameworks and continuous investment in digital resilience within Ghana’s financial system as cybercriminals increasingly target institutions holding large volumes of sensitive data.