QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware
Cyber incidents this week focused on QR code phishing scams, neutralizing African cybercrime groups, and a major ransomware attack on a Ghanaian bank. While Kaspersky discovered an upsurge in QR code phishing, Operation Sentinel disrupted major cybercrime groups.
Meanwhile, a Ghanaian bank suffered a major ransomware attack in which cybercriminals stole USD 120,000.
Kaspersky found a 5x boost in QR code phishing scams!
A group of researchers at Kaspersky has found a massive 5x spike in QR code phishing in the second half of 2025. While the number of QR phishing attempts in August 2025 was 46,969, the number jumped to a whopping 249,723 by November. These malicious QR codes are mostly used in emails because they make it easy for threat actors to hide fake URLs and go undetected by security solutions.

Generally, such fake QR codes are placed in email attachments or embedded directly in email content. QR codes are gaining popularity with attackers because they mask phishing links, do not arouse suspicion, and encourage users to scan the codes with their smartphones. Most of the time, smartphones tend to be less protected than PCs.
When a victim scans a malicious QR code, they can be redirected to:
- False HR notifications urging the victim to sign or evaluate a document
- Phishing forms that look like the login pages for internal corporate portals or Microsoft accounts
- Purchase confirmations or fake invoices in the form of malicious attachments (often combined with sophisticated vishing techniques)
QR code phishing aims to penetrate deep into everyday business communications to carry out financial fraud, account hijacking, credential theft, data breaches, and so on. To safeguard data from such threat campaigns, one can use renowned, reliable mail server solutions. Also, being extra careful with email communications and avoiding any email that seems suspicious can help safeguard business communications in the long run.
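A mail-gateway triage step for the pattern described above, as an added example that is not part of the original article: it flags messages whose text carries a scan lure or no link at all while an image or PDF part is present, so those parts can be sent to a QR decoder. The lure phrases, the carrier types and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed lure phrases (assumption), not taken from the Kaspersky report.
LURE_RE = re.compile(r"\b(scan|qr code|smartphone|camera)\b", re.I)
CARRIERS = ("image/", "application/pdf")  # parts that can hold a QR code

def triage(raw):
    """Report parts that could carry a QR code and whether to decode them."""
    msg = message_from_string(raw)
    urls, carriers, lure = [], [], False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith(CARRIERS):
            carriers.append(part.get_filename() or ctype)
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            text = body.decode(part.get_content_charset() or "utf-8", "replace")
            urls += URL_RE.findall(text)
            lure = lure or bool(LURE_RE.search(text))
    # A link scanner finds nothing to check when the URL lives only in the image.
    decode = bool(carriers) and (lure or not urls)
    return {"carriers": carriers, "text_urls": urls, "lure": lure,
            "decode_images": decode}

# Constructed sample: fake HR notice with the QR code as an attachment.
SAMPLE_QR = """\
From: hr@example.com
Subject: Action required: sign the updated policy
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please scan the QR code in the attached file with your smartphone to sign.
--b1
Content-Type: image/png
Content-Disposition: attachment; filename="policy.png"

AAAA
--b1--
"""
# Constructed sample: ordinary message with a visible link and no image.
SAMPLE_LINK = ("Subject: Newsletter\nContent-Type: text/plain\n\n"
               "Read it at https://example.com/news\n")

if __name__ == "__main__":
    print(triage(SAMPLE_QR))
    print(triage(SAMPLE_LINK))
```

Messages with `decode_images` set are the ones to pass through an image decoder before the usual URL reputation checks.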

DMARC, SPF, and DKIM continue to play a critical role in modern cybersecurity by helping organizations prevent email spoofing, reduce phishing attacks, and strengthen trust in digital communications worldwide.
Operation Sentinel cracks down on African cybercriminal groups!
Operation Sentinel is a major cybercrime law enforcement operation involving multiple nations. The cyber operation was led by Interpol.
This one-of-a-kind cyber crackdown took place across 19 nations and resulted in the arrest of 574 suspects. The team also seized equipment and devices worth $3 million. Over 6,000 malicious links have been taken down. A thorough investigation was conducted to decrypt six ransomware variants.

Operation Sentinel is the answer to the “sharp rise” in cyber mishaps across Africa. Jalel Chelba, the acting executive director of Afripol, believes that cybersecurity is integral for maintaining peace, stability, and sustainable development in Africa.
Operation Sentinel spanned from October 27 to November 27, 2025. It followed the African Joint Operation against Cybercrime (AFJOC) framework. Nations such as Nigeria, Ghana, Kenya, South Africa, Senegal, and Benin joined forces to disrupt cybercriminal infrastructure. This initiative was supported by the United Kingdom’s Foreign, Commonwealth and Development Office. Their core focus was on three major cybercrime categories: ransomware attacks, BEC schemes, and digital extortion campaigns.
The cases investigated have incurred losses worth $21 million. Experts believe that strategic risk reduction is possible through enforcing DMARC and MFA. Running BEC and ransomware response exercises at regular intervals can also be a smart move.
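What "enforcing DMARC" means in practice, for the recommendation here and the DMARC mention in the QR phishing section, as an added example that is not part of the original article: the check below reads a DMARC TXT record (tags as defined in RFC 7489) and lists the reasons it does not yet block spoofed mail. The sample records and the example.com addresses are constructed.

```python
def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict keyed by lower-case tag name."""
    tags = {}
    for item in txt.split(";"):
        name, sep, value = item.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Return a list of findings; an empty list means the policy is enforced."""
    # RFC 7489: the version tag must be the first tag in the record.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return ["invalid: record must start with v=DMARC1"]
    tags = parse_dmarc(txt)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: monitoring only, "
                        "mail that fails DMARC is still delivered")
    # sp (subdomain policy) defaults to p when it is absent.
    elif tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are not protected")
    pct = tags.get("pct", "100")  # share of failing mail the policy applies to
    if not pct.isdigit() or int(pct) > 100:
        findings.append(f"pct={pct}: invalid value")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports to review")
    return findings

# Constructed sample records, as they would appear at _dmarc.<domain>.
SAMPLES = {
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; sp=none; pct=25",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, assess(record) or "enforced")
```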
A Ghanaian bank suffered a major ransomware attack!
A Ghanaian financial institution has suffered a major ransomware attack, leading to a theft worth USD 120,000. This cyber incident is a staggering reminder of the increasing vulnerability of financial institutions to threat actors across Africa.
The Ghanaian bank incident came to light while 19 countries were jointly carrying out Operation Sentinel.
According to Interpol, data totaling 100 terabytes has been encrypted. The cyber incident has disrupted major operations and limited access to crucial systems.
Ghanaian authorities were later able to recover 30 terabytes of data by leveraging advanced malware analysis.

Neal Jetton, the Director of Cybercrime, has urged businesses and enterprises to stay vigilant and take preventive measures, as threat actors are more likely to target sectors that hold large amounts of financial assets and sensitive data. Cybersecurity experts believe that lately, cybercriminals have been working hard to make their attacks look more sophisticated. Haphazard adoption of digital banking without structure or planning, minimal incident response capacity, and outdated security infrastructure make these institutions a lucrative target for threat actors.
The Ghana incident is a crucial reminder for banks that modern threat campaigns are designed to attack regulatory compliance and liquidity, and to shake the faith of the common man. Monitoring money trails, identifying anomalies, and ensuring the accuracy of financial record management are no longer luxuries. Rather, they are non-negotiable components of a foolproof cybersafety mechanism.
