RAMP , the predominantly Russian-language online bazaar that billed itself as the “only place ransomware allowed,” has been seized by the FBI, with both its dark web and clear web sites taken over. Visits to the sites on Wednesday showed the FBI had assumed control of the RAMP domains, which mirrored each other, and DNS records now point to FBI servers.
According to security firm Rapid 7, RAMP was founded in 2012 and rebranded in 2021, serving Russian, Chinese, and English speakers and counting more than 14,000 registered users who paid a $500 fee for anonymous participation. The forum provided discussion groups, cyberattack tutorials, and a marketplace for malware and services, and its chief administrator claimed in 2024 that the site earned $250,000 annually.
A banner on the seized site stated the FBI and the Department of Justice had taken control, in coordination with the U.S. Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section, although US authorities have yet to issue a formal statement. There’s no word of arrests, and the seizure notice invites tips through the FBI’s IC3 portal.