
RAMP ransomware forum goes dark in probable FBI sting | Computer Weekly

By Computer Weekly
January 29, 2026


The Russian-speaking RAMP cyber crime forum – one of the most significant players in the underground cyber criminal ecosystem – has gone dark following what appears to be major action by the US authorities.

Although, at the time of writing, no official announcement has been made by the Americans, within the past 24 hours both RAMP’s dark and public web sites have been replaced with seizure notices stating the action was taken under the auspices of the FBI, the US Attorney’s Office for the Southern District of Florida, and the Department of Justice’s (DoJ’s) Computer Crime and Intellectual Property Section.

It is not unheard of for cyber criminals to fake takedowns, often amid juvenile theatrics, to start over with a ‘clean’ slate, but initial reports appear to verify the authenticity of the takedown, with DNS records showing RAMP’s web domains now point to FBI infrastructure.

The alleged operator of RAMP, a hacker going by the handle Stallman, who according to Recorded Future took over its operations about four years ago, also stated the forum was no more.

In a post on the XSS hacking forum, translated from the original Russian, Stallman said the takedown had “destroyed years of my work”.

“Although I hoped that this day would never come, deep down I always understood that it was possible. This is the risk we all take,” they wrote.

Set up around 2021, RAMP operated as both a discussion forum and an underground marketplace, offering ransomware kits and malware, alongside a library of ransomware guides and tutorials for newbies.

Access to the forum was tightly restricted, with minimum activity levels required and access and registration fees payable, but at its height it still boasted several thousand members, according to a summer 2024 analysis by Rapid7, which described the RAMP community as a “critical resource” for threat actors. At the time, it supposedly had revenues of about $250,000.

Limited long-term impact

Daniel Wilcock, threat intelligence analyst at Talion, described the takedown as a big win for the good guys. However, he said, RAMP’s denizens are likely to turn to alternatives, so the long-term impact on the wider criminal ecosystem will be limited.

“But all is not lost,” he said. “While this doesn’t signal the end of ransomware, law enforcement will be able to gain valuable information from the seizure around the threat actors using the services, such as their emails and IP addresses plus access to the financial transactions that took place on the market.

“This could support further law enforcement action against the threat actors that used the site, but given that RAMP was heavily used by Russian criminals it’s highly unlikely we will see many actual arrests.” 

A blow to Russian intel?

Writing on LinkedIn, Yelisey Bohuslavskiy, a partner at threat intel specialist RedSense, laid out more of RAMP’s backstory and some of the more nuanced lore surrounding the forum.

He said it was an open secret that RAMP had close ties to individuals closely affiliated with the Russian security services and was set up as part of a response to the rapid growth of the ransomware-as-a-service (RaaS) model in 2020 and 2021.

This was a period during which rapid diversification and the emergence of new ransomware affiliates made it harder for the Russians to keep tabs on what was going on, compared with the years immediately prior, when the scene was dominated by organised big-name gangs like Conti, REvil and so on.

Bohuslavskiy said this strategy had paid off in spades because RAMP incentivised these new affiliates and small-time cyber crooks to make themselves visible to the authorities.

He said that in the short-term, the takedown would indeed prove highly disruptive to the ransomware market as lower-level actors would lose both access and publicity, while the access brokers and vendors of loaders and other hacking tools who also frequent RAMP would also see their cashflow disrupted. For the remaining big name gangs, however, not much would change.

But, added Bohuslavskiy: “Russian security services… will lose some visibility into ransomware processes and sellers.”

He also predicted that Stallman – whoever they may be – will probably be arrested soon as they are now a wasted asset.


