The FBI has seized RAMP, a predominantly Russian-language online marketplace and discussion forum that billed itself as the “only place ransomware allowed.” Both the dark-web and clear-web sites now display a banner announcing that the FBI has taken control of the domains, which mirrored each other.
RAMP, founded in 2012 and rebranded in 2021, catered to Russian, Chinese, and English-speaking users. It boasted more than 14,000 registered members who underwent vetting, with a $500 fee for anonymous participation. The forum hosted cybercrime discussions, tutorials, and a marketplace for malware and related services.
Security researchers have noted that RAMP was among the last major forums to operate with limited enforcement, following the takedown of others such as XSS, whose operators were arrested by Europol in 2025. The collapse of RAMP leaves a vacuum in the ransomware ecosystem, often used by threat actors to buy or sell tools and data.
In a banner on the seized site, the FBI and DOJ stated that the action was conducted in coordination with the U.S. Attorney’s Office for the Southern District of Florida and the DOJ’s Computer Crime and Intellectual Property Section. The banner also included a graphic that previously appeared on the site, which touted RAMP as the “only place ransomware allowed.”
As with similar seizures, it remains unclear whether authorities obtained user records or other data. Web-domain records show the RAMP domains now point to FBI infrastructure, signaling a broader push to disrupt ransomware economies. No arrests were announced in connection with the takedown.
