In a major cybercrime crackdown, U.S. authorities have seized control of a well-known ransomware forum called RAMP, short for Russian Anonymous Marketplace. The platform was widely used by ransomware gangs to advertise services, recruit partners, and trade stolen access to networks. After the operation, both its regular website and dark web domain were replaced with official seizure notices. The action shows that law enforcement agencies were able to take direct control of the forum’s infrastructure.
The seizure was carried out by the Federal Bureau of Investigation (FBI) along with the U.S. Attorney’s Office for the Southern District of Florida and the Department of Justice’s Computer Crime and Intellectual Property Section. Visitors to the site now see a banner stating that it has been seized by authorities. The notice clearly indicates that the platform is no longer under criminal control. This confirms that the takedown was an official law enforcement operation and not an internal shutdown.
RAMP was launched in 2021 and quickly became one of the few major Russian-language forums that openly allowed ransomware-related discussions. At a time when other underground platforms restricted ransomware content, RAMP positioned itself as a dedicated space for it. This made it highly attractive to ransomware operators and affiliates. Over time, it developed into a central hub within the cybercriminal ecosystem.
Several well-known ransomware groups used RAMP to promote their operations and recruit affiliates. Groups such as LockBit, ALPHV (BlackCat), Conti, DragonForce, and Qilin were associated with activity on the forum. Members used the platform to sell stolen data, share tools, and offer access to compromised systems. Because of this, RAMP became deeply connected to global ransomware campaigns.
Membership on RAMP was not completely open to everyone. New users often needed to provide proof of prior cybercrime activity or pay a fee before gaining full access. This vetting process helped maintain a level of trust among criminals operating on the forum. Despite these restrictions, the platform attracted thousands of users over the years. It became one of the most recognized ransomware-friendly marketplaces online.
After the seizure, a person claiming to be the forum’s administrator confirmed that law enforcement had taken control of the site. The administrator stated that years of work had been destroyed and suggested that the forum would not be rebuilt. Technical evidence also showed that the domain infrastructure was redirected to servers controlled by U.S. authorities. This further confirmed that the operation was legitimate and coordinated.
Security experts say the seizure could provide investigators with valuable intelligence. If authorities gained access to user databases, private messages, email addresses, and IP logs, this data could help identify individuals involved in ransomware activity. Such information may support future arrests or legal actions. However, officials have not publicly disclosed the full extent of what was recovered.
At the same time, researchers caution that shutting down one forum does not end ransomware operations. Criminal groups are known to adapt quickly and migrate to other platforms or private channels. In fact, activity has already started shifting to alternative underground forums. The RAMP seizure is a significant disruption, but the ransomware ecosystem continues to evolve rather than disappear.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
