FBI takes notorious RAMP ransomware forum offline

INDUSTRY NEWS 2 min read FBI takes notorious RAMP ransomware forum offline Graham CLULEY January 31, 2026 Promo Protect all your devices, without slowing them down. Free 30-day trial The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be "the only place ransomware allowed." Both the forum's presence on the dark web and on its regular website domain now display a notice from the FBI announced that it has been taken over by the law enforcement agency. According to the message posted on the seized websites, it was seized by the FBI in collaboration with the US Attorney’s Office for the Southern District of Florida and the US Justice Department’s Computer Crime and Intellectual Property Section (CCIPS). The seizure banner comes complete with a cheeky addition - a winking Masha from the popular Russian children's TV cartoon series "Masha and the Bear." Sure enough, RAMP's nameservers now point to ns1.fbi.seized.gov and ns2.fbi.seized.gov, confirming they have been seized by US law enforcement. RAMP - the Russian Anonymous MarketPlace - first emerged in mid-2021. It quickly became popular, filling a void in the cybercriminal ecosystem, after other major Russian-language hacking forums banned ransomware-related content following pressure in the aftermath of the Colonial Pipeline attack by the DarkSide gang. RAMP served as a marketplace where ransomware operators could recruit affiliates, where initial access brokers could sell credentials for compromised business networks, and where cybercriminals could trade their stolen data and tools. Many infamous ransomware groups, such as ALPHV/BlackCat, Qilin, DragonForce, and RansomHub would use the RAMP platform to promote their operations. The site was certainly popular, boasting in excess of 14,000 users even though it requested evidence of two months' activity on other hacking forums or a US $500 fee to join. Things started to go badly wrong for RAMP, however, when one of the individuals behind the forum was named as Russian national Mikhail Matveev (also known as "Orange", "Wazawaka", and "BorisElcin." Matveev was listed on the FBI's most wanted list, and was subsequently (and unusually) arrested in Russia in 2024. Following the seizure of RAMP, another of the forum's alleged operators, confirmed the takedown in a posting on another hacking forum. "This event destroyed years of my work to create the most free forum in the world, and although I hoped this day would never come, deep down I always understood that it was possible," wrote "Stallman". "This is the risk we all take." As Flare reports, "Stallman" has indicated that the cybercriminal activity conducted through RAMP would continue through other channels. A seizure like this is not going to eliminate ransomware overnight, but it does represent a meaningful disruption of cybercriminal infrastructure, as hackers will be forced to migrate their activities, and will be presented with new challenges related to their operational security and who they can trust. After all, the seizure of RAMP suggests that the authorities now have access to the site's user data - which is likely to include email and IP addresses, private messages, and more, which could lead to arrests in the coming months. TAGS industry news AUTHOR Graham CLULEY Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s. View all posts RIGHT NOW TOP POSTS SCAM HOW TO Scammer phone number lookup. How to check if a phone number is a scam April 19, 2024 FAMILY SAFETY How to Outsmart AI Voice Scammers Pretending to Be Your Family March 03, 2026 SCAM DIGITAL PRIVACY HOW TO How scammers gain access and hack your WhatsApp account and what you can do to protect yourself May 01, 2024 INDUSTRY NEWS 200,000 naked Snapchat images leaked, after third-party hack October 13, 2014 FOLLOW US ON SOCIAL MEDIA YOU MIGHT ALSO LIKE INDUSTRY NEWS Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline Graham CLULEY March 16, 2026 2 min read INDUSTRY NEWS FBI Warns Gamers About Malware Hidden in Indie Steam Games Silviu STAHIE March 16, 2026 3 min read INDUSTRY NEWS DIGITAL PRIVACY Meta to halt Instagram end-to-end encryption for DMs on May 8, 2026 Vlad CONSTANTINESCU March 16, 2026 2 min read BOOKMARKS You have no bookmarks yet. Tap to read it later.