What is RAMP and why was it seized by the FBI?

RAMP was a predominantly Russian-language online bazaar operating on the dark web, known as the 'only place ransomware allowed.' The FBI seized its domains as part of an effort to combat ransomware threats.

When was the RAMP forum founded and how did it operate?

RAMP was founded in 2012 and rebranded in 2021. It served as a marketplace for malware and services, offering discussion groups and cyberattack tutorials to over 14,000 vetted users.

What is the implication of the FBI seizing RAMP's domains?

The seizure aims to disrupt the operations of cybercriminals by taking down a major hub for ransomware and illicit cyber services. DNS records indicate the FBI now controls the RAMP domains, potentially allowing access to sensitive site information.

Home / Crime and Justice / FBI Seizes Ransomware Bazaar RAMP

FBI Seizes Ransomware Bazaar RAMP

29 Jan

•

Summary

FBI seized the predominantly Russian-language RAMP dark web forum.
RAMP served as a marketplace for ransomware, malware, and services.
The forum was founded in 2012 and rebranded in 2021.

The FBI has successfully seized the dark web and clear web sites of RAMP, an online bazaar notorious for its explicit allowance of ransomware-related activities. This action marks a significant effort to combat the escalating global threat of ransomware impacting critical infrastructure.

RAMP, originally founded in 2012 and rebranded in 2021, had grown into one of the few remaining forums operating with impunity for cybercriminals. It catered to Russian, Chinese, and English speakers, boasting over 14,000 registered users who were either strictly vetted or paid a fee for anonymous access. The platform facilitated the exchange of malware and services.

While no arrests have been publicly announced, the seizure notice, featuring seals from the FBI and the Justice Department, indicated coordination with the U.S. Attorney's Office for the Southern District of Florida. DNS records now show FBI control over the RAMP domains, raising questions about potential access to user databases and the fate of its members.