RAMP — a mostly Russian-language online marketplace that touted itself as the “only place ransomware allowed” — had both its dark web and surface web sites seized by the FBI as the agency moves to counter the expanding threat to critical infrastructure and organizations globally.
When visited on Wednesday, both sites displayed pages stating the FBI had taken control of the RAMP domains, which were mirror images. RAMP had been one of the shrinking number of cybercrime forums operating with relative freedom after authorities dismantled other forums like XSS, whose leader was arrested last year by Europol. That removal left RAMP as a prominent venue where actors promoting ransomware and other online threats bought, sold, or traded tools and services.
Please be advised
“The Federal Bureau of Investigation has seized RAMP,” read a banner bearing the seals of the FBI and the Justice Department. “This action has been taken in coordination with the United States Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.” The banner included a graphic that appeared on RAMP prior to the seizure that described the site as the “only place ransomware allowed.”
Site screenshot
Site screenshot
RAMP launched in 2012 and was rebranded in 2021, according to security firm Rapid7. The platform served Russian-, Chinese- and English-speaking users and reportedly had more than 14,000 registered members, who either passed strict vetting or paid a $500 fee to participate anonymously. The forum hosted discussion boards, tutorials on cyberattacks, and a marketplace for malware and related services. Its chief administrator said the site earned about $250,000 a year in 2024.
