INTERPOL ‘Operation Ramz’ Seizes 53 Malware, Phishing Servers

INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers

More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa.

Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE).

In addition to the arrests, authorities seized 53 servers used for phishing, malware, and online fraud that affected at least 3,867 confirmed victims, as determined from nearly 8,000 intelligence packages retrieved from the equipment.

“The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region,” reads the INTERPOL announcement.

INTERPOL collaborated with several private cybersecurity firms to track the malicious infrastructure, including Kaspersky, Group-IB, The Shadowserver Foundation, Team Cymru, and TrendAI.

Cybersecurity is Driving Organizations Toward Data Protection

Blancco Technology Group, the industry standard in data erasure and mobile lifecycle solutions, today released new research into hardware disposition attitudes and practices. The study shows that many organizations are destroying working devices at a high rate to protect against data leaks, even though many report confidence in their data sanitization processes.

The Blancco 2026 State of Data Sanitization Report is based on the responses of 1,460 cybersecurity, IT, compliance and sustainability leaders from across North America, Europe, and APAC. It unpacks how some of the world’s largest organizations are managing end-of-life devices and sensitive data amid changing regulations, evolving security strategies and AI adoption.

Data leaks remain a major issue

According to the survey, 38% of organizations have suffered a data leak in the last twelve months. The most common cause of a data leak was improper network configurations (46%), with a significant number due to redeployed devices or drives storing sensitive data (32%), lost devices (42%) and stolen devices (25%).

Law Firms Must Embed Cybersecurity in Governance to Protect Data

Law firms are especially attractive targets for data breaches given the volume and sensitivity of their data. In April, Jones Day became the latest victim of the “Silent Ransom Group,” a hacking ring that posted data from 10 of the firm’s clients.

A robust internal cybersecurity program is no longer enough. To protect themselves and their clients, law firms must prioritize rigorous due diligence of vendors, continuous monitoring, and a security-conscious culture that treats cyber risk as a core element of client service and professional responsibility.

Ethical Obligations

While ethics duties don’t impose strict liability for every incident, they require firms to use reasonable efforts to safeguard client information, detect and respond to incidents, communicate with affected clients, and supervise personnel and vendors appropriately.

The American Bar Association has long addressed ethical duties related to data breaches, including in Formal Opinions 477R and 483. The New York City Bar Association also issued guidance.

AI-Assisted Pro Se Litigation Requires Early In-House Scrutiny

Growing use of generative artificial intelligence by pro se parties in consumer finance litigation is compelling in-house counsel to consider seeking early guidance from trial courts.

More self represented filings have been arriving polished, requiring defendants to spend resources verifying whether the cited authorities exist and whether they support what the filer claims. That verification burden is now a recurring theme in both reporting and judicial commentary, especially as courts confront filings with the hallmarks of AI “hallucinations.”

This is an expensive trend, especially for consumer finance defendants. The result is immediate: more filings and more hearings. Because pro se litigants aren’t paying counsel, litigation costs can become asymmetrical and unnecessarily increase defense spending.

Courts increasingly are signaling that they want accountability that fits within existing doctrines, including disclosure of AI use and human verification of citations and factual assertions. Recent case law and administrative orders show that AI governance is expanding into confidentiality, protective orders, and discovery disputes about prompts and outputs.

Cyber Resilience is the New Business Continuity Plan

The contours of business disruption are changing. It can start with a ransomware incident, an identity compromise, a supplier outage, or a prolonged cloud failure in one unit, then spread across connected systems. Disruption can simultaneously affect operations, customer access, compliance and supplier relations.

This is why the backbone of business continuity is cyber resilience.

At its core, business continuity is also a risk management issue, as it also depends on how well an organization understands its critical processes, information dependencies, supplier exposure, cloud reliance, risk appetite, recovery priorities, and ability to operate when systems or data cannot be fully trusted.

The ISF Standard of Good Practice (SOGP) 2026 is an information security framework that covers this shift. It asks organizations to connect business continuity with governance, information risk, system resilience, security incident management, and testing to sufficiently align continuity with risk management.

OCC highlights AI as both cyber threat and defensive tool in spring risk report

On May 7, the OCC released its spring 2026 semiannual Risk Perspective report, identifying key risks facing the federal banking system. The OCC reported that bank earnings improved in 2025, supported by loan growth and a decline in funding costs, with balance sheets remaining strong and capital ratios and liquidity high by historical standards.

…

The OCC also highlighted operational and compliance risks, noting that AI has reshaped the cybersecurity environment by making it easier for bad actors to launch attacks and enabling faster, more complex intrusions targeting financial institutions, while also enabling new forms of fraud. At the same time, the report noted that banks choosing to incorporate more stringent security measures, such as multifactor authentication and timely patch management, and use AI-developed tools to support cybersecurity operations and vulnerability monitoring, will be better positioned to mitigate AI-enabled cyber risks.