-
The Federal Bureau of Intelligence (FBI) has taken control of RAMP, a notorious cybercrime forum, with both its public and dark web sites taken down.
-
The forum’s administrator and some users confirmed the takedown, lamenting that ‘the freest forum in the world’ has been lost.
-
Thanks to this seizure by the FBI, one of the largest marketplaces for trading malware, negotiating ransomware transactions, and where hackers recruit new members has been disrupted.
This week, U.S. officials took a significant strike at the digital underground by shutting down a prominent cybercrime marketplace. Reports circulating on the web are claiming that the FBI has locked down a Russian-speaking forum devoted to cybercrime referred to as RAMP.
The creation of RAMP has removed what had been a central location for ransomware networks and hacking communities. Both the forum’s regular website and dark web sites now display official seizure notices.
Details of the RAMP Forum Takedown
The FBI and the US Attorney’s Office in Florida work together with the Department of Justice Cyber Crime Unit to take over the RAMP4u.io domain.
A notification saying THIS SITE HAS BEEN SEIZED is up for anyone attempting to visit the site to see. The notice also says that people can report cybercrime by submitting a tip.
Also, technical data shows that the website has been seized because its domain indicates that the website is now being hosted on the FBI server names with ns1.fbi.seized.gov and ns2.fbi.seized.gov as their respective name servers as of January 28, 2026.
Technical record showing FBI Seizure.
Admin Confirms the Forum Seizure
The forum administrator who goes by the pseudonym ‘Stallman’ validated the news. He posted a message in Russian on another underground forum called XSS.
He stated he was very sad over the loss. Stallman referred to RAMP as ‘the freest forum in the world’ and said that the takedown had destroyed many years of work that he had put into building the forum.
Message from the RAMP admin, Stallman on XSS (Source: CYPFER Senior Threat Analyst Katya Kandratovich)
“It’s a risk we all take,” he commented. He stated he will not attempt to recreate the forum from scratch again from scratch. This suggests a permanent end for this version of RAMP.
The FBI has not officially announced whether they have arrested anyone yet, so it’s still uncertain whether the main operators of the forum have been detained. For now, the FBI is collecting more information using its IC3.gov portal.
A Little About the Cybercrime Forum, RAMP
The name ‘RAMP’ has a history in the dark web. The original “Russian Anonymous Marketplace” launched around 2012. They created it as a dark web drug market inspired by the Silk Road.
Russian law enforcement took it down in 2017. That version never came back. It was a rare Russian action against a local darknet site.
A new forum using the RAMP name emerged in mid-2021. This version had a different focus. They rebranded it as a dedicated cybercrime platform.
It boldly marketed itself as ‘The Only Place Ransomware Allowed.’ Other major forums had banned such talks due to police pressure. RAMP welcomed them with open arms.
Who Sold Items on RAMP?
The forum became a one-stop shop for digital criminals. Its listings were a toolkit for modern cyberattacks.
The main services offered there are programs related to Ransomware-as-a-Service (RaaS). Hackers could rent malware and botnets there. They also sold custom exploits and “crypters” to hide malware.
Initial Access Brokers (IABs) listed hacked corporate networks for sale. There were auctions for leaked data and extortion deals. The forum also helped recruit insiders and partners.
This openness made RAMP a go-to spot. Other big groups like REvil were taken down, which attracted cybercriminals to them. The seizure is part of a widening crackdown on the ecosystem’s infrastructure, following actions like the Dutch shutdown of a key criminal host and the earlier takedown of the XSS.IS forum.
What Happens Next?
This story is still developing. US authorities have not yet made an official public statement. Authorities fully confirmed the seizure itself.
The big questions remain unanswered. Were any high-profile users or operators arrested? Will the community try to migrate to a new forum?
For now, a major marketplace for digital harm is offline. This takedown reminds us that even established cybercrime platforms cannot escape the eye of law enforcement. The action against RAMP follows a pattern of high-profile domain seizures, including the US Justice Department’s move against a Burma-based crypto scam network. RAMP’s seizure is a major blow to the entire ransomware ecosystem.
