#FBI Seizes Notorious RAMP Cybercrime Forum

The RAMP cybercrime forum, a platform used by ransomware gangs, has been seized by the FBI.

#Seizure Details

The FBI has seized the RAMP cybercrime forum, a notorious platform used to advertise a wide range of malware and hacking services, including ransomware operations. The forum's Tor site and clearnet domain, https://ramp4u.io, now display a seizure notice stating, "The Federal Bureau of Investigation has seized RAMP." The notice was taken in coordination with the United States Attorney's Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.

#Implications

This seizure could lead to identification and arrests of individuals who used the forum. The domain name servers have now been switched to those used by the FBI when seizing domains, giving law enforcement access to a significant amount of data tied to the forum's users, including email addresses, IP addresses, private messages, and other potentially incriminating information.

#Background of RAMP

The RAMP cybercrime forum was launched in July 2021, following the banning of the promotion of ransomware operations by popular Russian-speaking Exploit and XSS hacking forums. RAMP was created by a individual known as Orange, who also operated under the aliases Wazawaka and BorisElcin. Orange was previously the administrator of the Babuk ransomware operation, which shut down after its ransomware attack on the D.C. Metropolitan Police Department.

#Operator's Statement

One of the alleged former RAMP operators, known as "Stallman," confirmed the seizure in a forum post to the XSS hacking forum.

I regret to inform you that law enforcement has seized control of the Ramp forum

This event has destroyed years of my work building the freest forum in the world, and while I hoped this day would never come, I always knew in my heart it was possible. It's a risk we all take.

#Investigation and Charges

The individual behind the Orange and Wazawaka aliases was later publicly identified by cybersecurity journalist Brian Krebs as Russian national Mikhail Matveev. In 2023, Matveev was indicted by the U.S. Department of Justice for his involvement in multiple ransomware operations, including Babuk, LockBit, and Hive, which targeted U.S. healthcare organizations, law enforcement agencies, and other critical infrastructure. He was also sanctioned by the U.S. Treasury's Office of Foreign Assets Control and placed on the FBI's most-wanted list, with the U.S. State Department offering a reward of up to $10 million for information leading to his arrest or conviction.