In a significant crackdown on the global cybercrime ecosystem, United States federal authorities have taken control of RAMP, a prominent Russian-language cybercrime forum known for hosting ransomware-related activities. Both the clearnet and dark web domains of RAMP, also known as Ramp4u.io, have been seized.
Seizure notices displayed on the domains confirm that the action was carried out by the Federal Bureau of Investigation, in coordination with the United States Attorney’s Office for the Southern District of Florida and the Department of Justice’s Computer Crime and Intellectual Property Section.
“THIS SITE HAS BEEN SEIZED. The Federal Bureau of Investigation has seized RAMP. This action has been taken in coordination with the United States Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice. Please contact IC3.gov if you have information to report about cyber-criminal activity on RAMP.”
As of January 28, 2026, the domains redirect to official seizure banners displaying FBI and DOJ seals. The nameservers have also been updated to ns1.fbi.seized.gov and ns2.fbi.seized.gov, confirming full control by US authorities.
Forum insider acknowledges takedown
On another underground forum, a user identified as Stallman, believed to be linked to RAMP’s operations, posted a message in Russian confirming that law enforcement had taken over the platform. He described RAMP as “the most free forum in the world” and stated that he would not attempt to rebuild it. He also confirmed that the forum had been fully compromised and was no longer under the control of its operators.
There has been no official confirmation of arrests so far, and it remains unclear whether key operators or high-profile users have been detained. Authorities have directed the public to the FBI’s IC3 portal for reporting related cybercrime information.
From darknet market to cybercrime hub
The RAMP name was first linked to the Russian Anonymous Marketplace, a darknet drug platform active from around 2012 until its shutdown in 2017 by Russian law enforcement. That version did not return.
In mid-2021, a new RAMP platform emerged as a cybercrime-focused forum. It openly promoted itself as “The Only Place Ransomware Allowed” and became a key hub for ransomware affiliates, malware developers, and initial access brokers.
Its services included leaked data sales, malware rentals, ransomware-as-a-service programs, and access listings for compromised corporate networks. Following earlier takedowns of other forums, RAMP grew rapidly due to its lenient moderation.
Authorities have not yet issued a detailed public statement, but the seizure and insider confirmation make the shutdown clear.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
