A Ghanaian financial institution has lost about USD 120000 in a ransomware attack that crippled its systems and locked up massive volumes of data, INTERPOL has revealed. The incident is part of a wider wave of financially motivated cyberattacks targeting African banks and businesses, exposed during “Operation Sentinel”, a coordinated enforcement drive spanning 19 African countries.
According to INTERPOL, the attackers encrypted an estimated 100 terabytes of data belonging to the Ghanaian institution, severely disrupting operations and blocking access to critical systems. Specialists later managed to recover nearly 30 terabytes through advanced malware analysis, but the financial theft underscored how profitable such ransomware campaigns have become for organised cybercriminal groups.
Operation Sentinel: Africa-Wide Cyber Crackdown
The Ghana case was one of many incidents mapped under Operation Sentinel, which focused on high-impact cybercrime, including ransomware, business email compromise and digital extortion schemes. Across the investigated cases, total reported losses exceeded USD 21 million, reflecting the growing scale of attacks on African financial and commercial infrastructure.
INTERPOL coordinated with national cybercrime units across 19 African states, sharing threat intelligence, indicators of compromise and analytical support to help unmask actors behind cross-border operations. The campaign led to 574 arrests and the recovery of around USD 3 million, even as investigators warned that actual economic damage is likely much higher than documented figures.
INTERPOL Warns of Rising Threat to Critical Sectors
INTERPOL’s Director of Cybercrime, Neal Jetton, cautioned that threat actors are increasingly zeroing in on sectors that hold sensitive data and large financial assets. He noted that the “scale and sophistication of cyberattacks across Africa are accelerating, especially against critical sectors like finance and energy,” stressing that Operation Sentinel’s outcomes show both the urgency of the threat and “the commitment of African law enforcement agencies, working in close coordination with international partners.”
The Ghana ransomware case illustrates a common pattern: institutions suffer both operational paralysis and direct monetary theft, with data exfiltration, encryption and financial fraud often happening in the same incident window. As digital banking adoption deepens across the continent, experts say that inadequate security controls, legacy infrastructure and limited incident response capacity make many institutions attractive targets.
Why This Matters for Banks and Regulators
For banks, the Ghana incident is a stark reminder that ransomware is no longer only about data; it is a blended threat that hits liquidity, reputation and regulatory risk at once. Institutions are being pushed to invest more in endpoint security, network monitoring, backup resilience and coordinated drills with national CERTs and law‑enforcement bodies.
For regulators and governments, Operation Sentinel’s figures strengthen the case for stricter cyber-risk supervision, sector-wide incident reporting norms and mandatory minimum security standards, especially in finance and energy. With cybercrime losses in Africa climbing into tens of millions of dollars, INTERPOL’s findings signal that coordinated, cross-border responses are now a necessity rather than an option.
