DARRIN E. JONES is the Executive Director of Partnerships and Planning at INTERPOL
From its position as an international crime-fighting organization, INTERPOL has witnessed the multiplication of ransomware threats around the globe and watched as individual countries use what limited resources they have to fight back. But those efforts needn’t be so fragmented, said Darrin E. Jones of INTERPOL.
In a conversation with FP Analytics, Jones spoke about the ways in which INTERPOL can help with cross-border cooperation, technical support, and legal frameworks—to harmonize the individual responses into a more coordinated effort. The following transcript has been edited for length and clarity.
FPA: From your vantage point at INTERPOL, how has the ransomware threat landscape evolved in recent years, and how has INTERPOL adapted accordingly?
Darrin E. Jones (DJ): Ransomware attacks consistently cause significant financial, operational, and psychological harm to victims. The losses can be staggering; in one notable incident, a company reportedly paid more than USD 75 million in ransom. Beyond their economic impact, attacks can significantly disrupt critical infrastructure and access to essential services. Over the past year alone, ransomware has hit schools, hospitals, airports, and government systems, disrupting the lives of millions.
Over the past few years, more countries have been adopting national cybersecurity strategies as it’s become clear that combating the wide range of cyber threats—including ransomware—needs to be a national priority.
Ransomware is a borderless crime that exploits gaps between jurisdictions and sectors. Confronting it requires an equally coordinated global response—one built on intelligence sharing, technological innovation, and trusted international partnerships. This is precisely where INTERPOL can help. Through its policing capabilities and global network, INTERPOL is committed to helping its 196 member countries respond effectively to the evolving ransomware threat landscape by preventing attacks, disrupting criminal networks, and strengthening collective resilience against a defining threat of the digital age.
FPA: How does INTERPOL coordinate and partner with governments, the private sector, and civil society to combat ransomware? What are some proven initiatives, and where is further collaboration needed?
DJ: Through its Gateway Initiative, a collaboration with trusted private-sector partners, INTERPOL has been able to gather actionable intelligence on criminal infrastructure and share it with member countries through its own secure communication network. This model plays a key role in designing and coordinating cross-border operations against cybercrime. For example, INTERPOL’s Operation Sentinel in 2025 highlights the power that strong collaboration between law enforcement and the private sector brings to the fight against cybercrime. Working with 19 countries across Africa and partner private companies, the INTERPOL-coordinated operation addressed several priority cyber threats, including ransomware. Through close collaboration, authorities were able to take down more than 6,000 malicious links, decrypt six ransomware variants, arrest more than 570 suspects, and recover approximately USD 3 million.
At the global level, Operation Synergia III—coordinated by INTERPOL between July 2025 and January 2026—targeted ransomware, phishing, and malware campaigns across the globe. The operation brought together law enforcement from 72 countries and territories and resulted in the dismantling of more than 45,000 malicious IP addresses and servers, the arrest of 94 individuals, and a further 110 suspects placed under investigation.
INTERPOL supports its member countries not only by facilitating intelligence exchange and operational coordination, but also through capacity building and training. To strengthen countries’ long-term investigative capacity and resilience, the cybercrime directorate delivers mobile training workshops, like the one on digital forensics held in Harare, Zimbabwe, in 2025.
Faced with the speed and sophistication of cybercriminal innovation, INTERPOL continues to evolve its support. It is currently working on new initiatives focusing on the industrialization of cybercrime and the growing role of artificial intelligence in criminal activity, with ransomware representing a central focus of these efforts.
FPA: What are the primary challenges INTERPOL faces in coordinating across its member countries and across sectors to prevent and respond to ransomware?
DJ: What makes ransomware particularly challenging to combat is that it does not operate as a collection of isolated incidents—it is fueled by an industrialized criminal ecosystem built on specialization, scale, and efficiency.
A key feature of this ecosystem is ransomware-as-a-service (RaaS), whereby developers provide ready-made tools, dashboards, and support, while affiliates conduct attacks in exchange for a fee or a share of the profits. This model allows even actors with limited technical expertise to run sophisticated campaigns. Combined with double and triple extortion tactics—where criminals encrypt systems while simultaneously stealing and threatening to leak sensitive data—RaaS has dramatically increased both the frequency and impact of attacks.
AI is supercharging this industrialization of ransomware. Threat actors are increasingly using AI to automate vulnerability discovery, refine social engineering tactics that enable access to targeted networks, and generate malicious scripts in real time. There are even reports of AI-powered chatbots being used to handle ransom negotiations, which eliminates language barriers and time zone delays. As the technology continues to evolve, threat actors will continue to find new ways of misusing AI to further scale their operations while lowering the technical barriers to entry.
FPA: How would you assess the strengths and weaknesses of existing international legal frameworks on cybercrime—including extradition treaties and mutual legal assistance mechanisms—to address ransomware?
DJ: In a word, fragmented. It’s no surprise nations have disparate laws and mechanisms for addressing different types of crime. However, in many countries, legislation has not kept pace with technology, making it difficult for law enforcement and prosecutors to effectively investigate and prosecute cybercrime. Similarly, while the mechanisms supporting mutual legal assistance are still viable, the transmission infrastructure and tracking mechanisms are woefully out of date. INTERPOL is currently exploring with its partners ways in which it could facilitate a more modern electronic process that would continue to respect sovereign requirements, privacy, and security but would greatly clarify and speed the process.
This fragmentation is in large part why INTERPOL passed a resolution at its 93rd session of the General Assembly in 2025 on “Supporting the Ratification and Implementation of the United Nations Convention Against Cybercrime and Promoting the Role of INTERPOL.” This resolution speaks to the need for the harmonization of legislation and better cross-border coordination; it encourages member countries to make fuller use of INTERPOL’s secured communication channels, programs, and technical assistance.
FPA: When legal frameworks are inadequate, what options do Interpol and national authorities have to pursue and hold accountable cybercriminals?
DJ: There are always avenues in legal frameworks to prosecute cybercriminals, whether they have committed ordinary offenses through the web or cyber-typical offenses (such as hacking). What INTERPOL offers is a unique secure and neutral platform to obtain and request critical information that will help national police and judicial authorities bring cybercriminals to justice. Such information can be obtained through INTERPOL notices, which are international requests for cooperation. The U.N. Convention Against Cybercrime encourages this, noting that member countries should use INTERPOL’s channels to “facilitate the secure and rapid exchange of information.” In addition, INTERPOL offers analytical support to investigations through its Cybercrime Crime Analysis File.
Furthermore, INTERPOL provides capacity-building initiatives and technical and operational assistance. Its cybercrime collaboration services are designed to support timely, intelligence-based communication among police and relevant partners. In particular, Project Global Action on Cybercrime Enhanced explicitly aims to strengthen states’ ability to apply cybercrime and electronic-evidence legislation, promote consistent cybercrime laws and strategies, and build law enforcement capacity.
FPA: How does INTERPOL approach the issue of safe havens for cybercrime? What options does it have when a state does not cooperate with international law enforcement or actively facilitates cybercrime?
DJ: INTERPOL addresses cybercrime safe havens through a layered global approach anchored in its network of 196 member countries and seven regional bureaus. Its dedicated cybercrime directorate coordinates major cross-border operations, which simultaneously target cybercriminal networks across dozens of jurisdictions, while its I-24/7 secure communications network enables real-time intelligence sharing among National Central Bureaus worldwide. INTERPOL notices and diffusions are particularly powerful tools, as they ensure that criminals face arrest or detention across multiple jurisdictions, effectively shrinking any safe havens. Through the Gateway Initiative, which provides a secure, legal framework for sharing cyber threat intelligence between Interpol and trusted private-sector partners—including leading private cybersecurity firms—INTERPOL can also gather actionable intelligence on criminal infrastructure independently. And as cybercrime infrastructure, victims, and threat actors are often dispersed globally, through operations on the ground, Interpol is also able to target enabling infrastructure, disrupting the ability of threat actors to perpetrate cybercrime.
At the same time, INTERPOL is not a supranational police force. Its constitution is built around national sovereignty, neutrality, and cooperation within domestic law: Article 2 limits assistance to what is compatible with national laws; Article 3 prohibits political interventions; and Article 31 makes clear that member countries participate within the limits of their own legislations. Notices themselves are requests for cooperation, not enforcement orders. So when a state does not cooperate, INTERPOL cannot compel arrests or force judicial action. What it can do is help law enforcement authorities with effective collaboration by opening parallel investigations in cooperative jurisdictions; targeting servers, domains, and other infrastructure located elsewhere; circulating global alerts; and continuing to build stronger international norms and legal frameworks so the possibility of practical impunity keeps shrinking.
FPA: How central is the victim experience to how INTERPOL frames and prioritizes its cybercrime work? Can you give an example where the victim impact shaped how INTERPOL responded to cybercrime?
DJ: The victim experience occupies an increasingly central place in the framing of INTERPOL’s cybercrime work, which has progressively shifted from purely law enforcement and disruption to the human and economic harm caused to victims.
Even words matter when it comes to the victim experience. Back in 2024, INTERPOL called for a shift in language to combat online relationship and investment frauds, urging to stop using the stigmatizing term ‘pig butchering’, which dehumanizes and shames victims. The term comes from fraudsters referring to their victims as ‘pigs’, who are lured into a fake romance or friendship before being ‘butchered’, i.e. convinced to invest. Once victims invest significant sums of money, they are manipulated further or abruptly cut off, often leaving them with devastating financial losses and psychological harm.
If we keep this narrative of victims having done something wrong, it means that they are potentially less likely to report it to their friends and family and come forward to the authorities to seek help. To prioritize respect and empathy for the victims, INTERPOL recommended using the term ‘romance baiting’, which acknowledges the sophisticated tactics and emotional manipulation used by fraudsters to build trust with their victims. This term places the spotlight squarely where it belongs: on the actions of the criminals, rather than those of the victims.
Operation Secure, conducted in 2025, is a great example of how we balance the enforcement action with the victim-protection element. The operation brought 26 countries together to target infostealer malware and related infrastructure, resulting in the takedown of more than 20,000 malicious IPs and domains, the seizure of 41 servers, and 32 arrests. But we did not stop there. After the operation, authorities notified more than 216,000 victims and potential victims so they could change passwords, freeze accounts, or remove unauthorized access before further harm occurred.
The operation showed the power of intelligence sharing in preventing large-scale harm to both individuals and businesses. That is a good illustration of how victim impact is shaping both how Interpol prioritizes cases and how it defines operational success.
Darrin E. Jones is Executive Director of Partnerships and Planning at INTERPOL, a position he has held since 2023. He began his career at the FBI in September 1997; over the course of 26 years, his many assignments have included chief of the Communications Intercept Section of the Operational Technology Division; Assistant Director in the IT Infrastructure Division; and Executive Assistant Director of the Science & Technology Branch. In May 2022, Jones returned to his home in Kansas City, briefly serving as Assistant Director for Strategic Technology Policy before taking up his current secondment at Interpol in Lyon, France.
Lisa Monaco
Ransomware Attacks Demand a Genuinely Global Response
Organizations should not be left to navigate ransomware alone.
Max Smeets
The Uncomfortable Truth About the Fight Against Ransomware
Many countermeasures used by governments to tackle cybercrime turn out to be only temporarily effective. Instead, defenders must find a way to disrupt how the ransomware ecosystem functions.
Claudia Plattner
‘If You Hit One of Us, You Hit All of Us’
Sharing information when ransomware attacks hit is critical to protecting future victims
Dr. Bruce Watson
Ransomware Is a Strategic Threat. We Need to Treat It Like One.
The industrialization of cybercrime demands a response that matches its scale—one that bridges the divides among governments, the private sector, and the technical community. Canada offers a playbook to lead that response.
Anne Marie Engtoft Meldgaard
Disrupting Ransomware Through Tech Diplomacy
Countries need to be nimbler to combat increasing and evolving cybercrime threats.
Amy Hogan-Burney
Ransomware Attacks Are No Longer Just About Profit. They’re Also About Politics.
Multistakeholder collaboration is crucial to stemming this evolving threat.
Francesca Bosco
Ransomware Attacks Aren’t Just Technical—They Are Profoundly Human
As countries around the world face these growing threats, it’s vital to prioritize the protection of people and essential services.