A DataBreaches[.]Net post delves into RAMP, describing how Russia’s ransomware marketplace operated as a structured, commercial platform rather than a collection of isolated hackers. The leak covers activity from November 2021 to January 2024 and includes user records, forum threads, private messages, IP logs, and admin activity, revealing both public forum content and hidden conversations that helped turn posts into real attacks.
According to Comparitech, the full MySQL dump contains data spanning those dates and indicates a sizeable operation. The analysis found 7,707 registered users, 1,732 forum threads, 340,333 IP log records, 1,899 private conversations, and 3,875 private messages, underscoring the scale of the marketplace. The leak thus offers a rare look at how cybercrime functions when it is formalised and repeatable, with buyers and affiliates, access sales, ransomware advertisements, and negotiations conducted in private.