FBI Seizes RAMP: Dark Web Marketplace for Ransomware Shut Down
Table of Contents
The FBI has dismantled RAMP, a notorious online bazaar that openly advertised itself as “the only place ransomware allowed,” in a major crackdown on cybercrime. The agency took control of the forum’s dark web and clear web sites on Wednesday, signaling a significant escalation in efforts to combat the rising threat of ransomware targeting critical infrastructure and organizations globally.
The takedown underscores the increasing pressure on online criminal forums as law enforcement agencies worldwide seek to disrupt the cybercrime ecosystem. Visits to both RAMP domains now redirect to a page displaying a banner confirming the FBI’s seizure, mirroring the message across both platforms.
A Hub for Cybercriminals
RAMP had become a leading destination for individuals involved in the development, sale, and deployment of ransomware and other malicious tools. The forum filled a void left by the dismantling of other prominent platforms like XSS, whose leader was arrested by Europol last year. This created a power vacuum that RAMP quickly exploited, becoming a central hub for the trade of illicit cyber services.
“The Federal Bureau of Investigation has seized RAMP,” the banner on the seized sites declared, further stating the action was coordinated with the United States Attorney’s Office for the Southern District of Florida and the Department of Justice’s Computer Crime and Intellectual Property Section. The banner also prominently featured the forum’s own branding, highlighting its unique and disturbing self-identification.
Exclusive Access and a Thriving Economy
Founded in 2012 and rebranded in 2021, according to security firm Rapid 7, RAMP catered to a multilingual audience, supporting Russian, Chinese, and English speakers. Access to the forum was highly selective, requiring potential members to undergo a rigorous vetting process or pay a $500 fee for anonymous participation.
The platform boasted over 14,000 registered users and offered a comprehensive range of resources for cybercriminals, including discussion forums, detailed cyberattack tutorials, and a marketplace for buying and selling malware and related services. One administrator reportedly stated in 2024 that the site generated $250,000 in annual revenue, demonstrating the profitability of facilitating illicit cyber activity.
The seizure of RAMP represents a significant blow to the ransomware ecosystem, but experts caution that it is unlikely to be a permanent solution. Criminals will inevitably seek to establish new platforms, necessitating continued vigilance and proactive measures from law enforcement and the cybersecurity community.
.
