RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace explains that a leaked database from RAMP covers activity from November 2021 to January 2024 and includes user records, forum threads, private messages, IP logs, and admin activity. The data reveal 7,707 registered users, 1,732 forum threads, 340,333 IP log records, 1,899 private conversations, and 3,875 private messages, illustrating a large criminal marketplace rather than a small subset of actors.
The leak shows 14 RaaS programs advertised and references to 250+ leak sites, with 333 threads offering access to compromised corporate networks and 60 threads in its ransomware-as-a-service section, indicating a structured, scalable ecosystem. The analysis notes the United States appears in 40% of listings where a country could be identified, with government agencies among the most targeted sectors, followed by finance and technology.
The private conversations reveal deals negotiated behind the scenes, where access was sold and partnerships formed, underscoring that ransomware markets move from advertisement to execution. According to Comparitech’s analysis, these figures come from a MySQL database dump of the RAMP XenForo installation, and the dataset was not independently verified against live sources.