FBI Seizes Major Hub for Online Criminal Activity
â–¼ Summary
– The FBI seized the dark web and clear web domains of the Russian-language cybercrime forum RAMP, which billed itself as the “only place ransomware allowed.”
– This action was part of an effort to combat ransomware, a growing global threat to critical infrastructure and organizations.
– RAMP had become a leading marketplace for ransomware and other cyber threats after the takedown of rival forums like XSS.
– The forum, founded in 2012, had over 14,000 registered users and offered discussion groups, tutorials, and a marketplace for malware.
– RAMP required strict user vetting or a $500 fee for anonymous access, and its administrator claimed it earned $250,000 annually.
In a significant blow to the global cybercrime ecosystem, the Federal Bureau of Investigation has seized control of the notorious RAMP dark web forum. This platform, which openly advertised itself as the “only place ransomware allowed,” served as a major hub for criminal activity, facilitating the trade of malicious software and services that threaten organizations and critical infrastructure worldwide. The takedown marks a critical step in ongoing international efforts to disrupt the ransomware economy.
Visitors to both the dark web and clear web versions of the RAMP site were met with a seizure notice on Wednesday. The banner displayed the official seals of the FBI and the U.S. Department of Justice, announcing the coordinated enforcement action. The notice stated the operation was conducted alongside the United States Attorney’s Office for the Southern District of Florida and the Justice Department’s Computer Crime and Intellectual Property Section. This graphic replaced the forum’s original branding, which had brazenly promoted its ransomware-friendly policy.
The seizure of RAMP fills a void created by the recent dismantling of other major cybercrime forums. Following the arrest of its leader by Europol last year, the shutdown of the XSS forum left RAMP as one of the few remaining prominent marketplaces operating with relative impunity. It became a leading destination for threat actors to buy, sell, and trade ransomware tools, hacking services, and stolen data. The forum’s closure disrupts a key channel for cybercriminals to collaborate and monetize their attacks.
According to analysis from cybersecurity firm Rapid7, RAMP was originally founded in 2012 and underwent a rebranding in 2021. The platform catered primarily to Russian, Chinese, and English speakers, boasting a registered user base exceeding 14,000 individuals. Prospective members faced a strict vetting process or could pay a $500 fee for anonymous participation, which helped the forum maintain a degree of security and exclusivity. Within its digital walls, users had access to discussion groups, cyberattack tutorials, and a bustling marketplace for malware and associated services.
The forum’s financial scale was substantial. Its chief administrator claimed earlier this year that RAMP generated approximately $250,000 in annual revenue. This income stream underscores the lucrative nature of these illicit platforms and the persistent financial incentives driving the ransomware threat. The FBI’s seizure not only halts this revenue but also provides investigators with valuable intelligence on the forum’s operations and its user base, potentially leading to further arrests and disruptions in the future.
(Source: Ars Technica)
