Global Authorities Take Down 45,000 Malicious IPs Used in Ransomware Campaigns
An unprecedented international law enforcement effort has successfully dismantled a major cybercrime network.
Coordinated by INTERPOL, this initiative targeted critical infrastructure used in global phishing, malware, and ransomware campaigns.
Operation Synergia III
This global crackdown, named “Operation Synergia III,” took place from July 18, 2025, to January 31, 2026.
The operation united law enforcement agencies from 72 countries and territories to disrupt the digital infrastructure powering modern cyber threats.
The results were substantial. Authorities took down over 45,000 malicious IP addresses and servers used by attackers and to host stolen data.
Physical raids across multiple jurisdictions led to the arrest of 94 individuals, with another 110 suspects under investigation. Authorities also seized 212 electronic devices and servers, crippling key cybercriminal operations.
INTERPOL served as the central intelligence hub for the operation, converting raw data into actionable intelligence.
By facilitating cross-border collaboration, the agency enabled coordinated tactical raids on major cybercrime locations.
Global Threat Disruption
While investigations continue, initial reports from participating nations highlight the diverse criminal tactics disrupted.
These networks enabled everything from corporate ransomware attacks to targeted social engineering schemes.
Key regional actions included:
- Authorities in Macau, China, dismantled over 33,000 phishing and fraudulent websites impersonating banks, government portals, and payment providers to steal credit card details.
- Police in Bangladesh executed a sweep leading to 40 arrests and seizure of 134 devices linked to job scams, identity theft, and credit card fraud.
- Law enforcement in Togo apprehended a 10-person fraud ring operating from a residential compound, specializing in social media hacking, sextortion, and romance scams.
- The Togo operation saw attackers breach accounts and impersonate victims to trick friends and family into transferring money.
Success depended heavily on cooperation between international police and private cybersecurity firms.
INTERPOL collaborated closely with industry leaders like Group-IB, Trend Micro, and S2W, who tracked illegal activities, identified malicious servers, and mapped emerging threats.
INTERPOL’s Cybercrime Directorate noted that while cyber threats grew increasingly sophisticated in 2026, this operation demonstrated the powerful results achievable through global cooperation.
By uniting law enforcement and private sector experts, authorities continue to dismantle criminal networks and safeguard digital infrastructure worldwide.