RAMP – a predominantly Russian-language online marketplace that bills itself as “the only place that allows ransomware” – has had its dark web and clear web sites seized by the FBI as the agency tries to deal with the growing crisis threatening critical infrastructure and organizations around the world.
A visit to both sites Wednesday found pages saying the FBI had taken control of the RAMP domain, which mirrored each other. RAMP has been one of a dwindling number of online crime forums that operate with impunity, following the takedown of other platforms such as XSS, whose leader was arrested by Europol last year. The vacuum has made RAMP one of the leading places for people who promote ransomware and other online threats to buy, sell or trade products and services.
I regret to inform you
A banner bearing the seal of the FBI and Justice Department said, “RAMP has been seized by the Federal Bureau of Investigation.” “This action was taken in coordination with the United States Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.” The banner included a graphic that had appeared on the RAMP site, before it was seized, which introduced itself as “the only place where ransomware is allowed.”
screenshot
According to security firm Rapid7, RAMP was founded in 2012 and rebranded in 2021. The platform catered to Russian, Chinese and English speakers and counted more than 14,000 registered users, who had to undergo strict vetting before being accepted or pay a $500 fee for anonymous participation. The forum provided discussion groups, cyber attack tutorials, and a marketplace for malware and services. Its chief administrator said the site earned $250,000 annually in 2024.
<a href