According to Dark Reading, Rapid7 published an analysis of the ransomware ecosystem after US authorities seized infrastructure tied to the RAMP forum last month, with the seizure reportedly led by the FBI on 28 January. The piece notes that RAMP had long served as a primary marketplace for ransomware-as-a-service affiliates, but the sting prompted many cybercrime outfits to seek new ways to sell their offerings.
Rapid7 researchers identified two potential successor forums, while emphasising that the overall ecosystem remains fragmented and defenders must watch for actor migration, recruitment signals, and early regrouping indicators.
The article also highlights that after RAMP’s shutdown, forums such as T1erOne began to attract members with paid-entry and activity-proof requirements, and that parts of RAMP’s database leaked to facilitate new recruitment, with forums advertising RaaS offerings from groups like Qilin and Cry0. It notes that DragonForce, LockBit and Gentlemen have had a presence on the newer platforms, with active RaaS recruitment occurring on Rehub, which existed prior to RAMP’s closure.
Rapid7’s Raj Samani describes the evolving landscape as a future where smaller clusters consolidate around vetted spaces, and where financial incentives will rival the drive to lay low.