The FBI has seized management of RAMP, a infamous cybercrime on-line discussion board that bragged to be “the one place ransomware allowed.”
Each the discussion board’s presence on the darkish internet and on its common web site area now show a discover from the FBI introduced that it has been taken over by the legislation enforcement company.
In response to the message posted on the seized web sites, it was seized by the FBI in collaboration with the US Lawyer’s Workplace for the Southern District of Florida and the US Justice Division’s Laptop Crime and Mental Property Part (CCIPS).
The seizure banner comes full with a cheeky addition – a winking Masha from the favored Russian youngsters’s TV cartoon sequence “Masha and the Bear.”
Positive sufficient, RAMP’s nameservers now level to ns1.fbi.seized.gov and ns2.fbi.seized.gov, confirming they’ve been seized by US legislation enforcement.
RAMP – the Russian Nameless MarketPlace – first emerged in mid-2021. It rapidly turned widespread, filling a void within the cybercriminal ecosystem, after different main Russian-language hacking boards banned ransomware-related content material following stress within the aftermath of the Colonial Pipeline assault by the DarkSide gang.
RAMP served as a market the place ransomware operators might recruit associates, the place preliminary entry brokers might promote credentials for compromised enterprise networks, and the place cybercriminals might commerce their stolen knowledge and instruments.
Many notorious ransomware teams, equivalent to ALPHV/BlackCat, Qilin, DragonForce, and RansomHub would use the RAMP platform to advertise their operations.
The positioning was definitely widespread, boasting in extra of 14,000 customers although it requested proof of two months’ exercise on different hacking boards or a US $500 payment to affix.
Issues began to go badly incorrect for RAMP, nonetheless, when one of many people behind the discussion board was named as Russian nationwide Mikhail Matveev (often known as “Orange”, “Wazawaka”, and “BorisElcin.” Matveev was listed on the FBI’s most wished record, and was subsequently (and unusually) arrested in Russia in 2024.
Following the seizure of RAMP, one other of the discussion board’s alleged operators, confirmed the takedown in a posting on one other hacking discussion board.
“This occasion destroyed years of my work to create essentially the most free discussion board on the planet, and though I hoped at the present time would by no means come, deep down I all the time understood that it was doable,” wrote “Stallman”. “That is the chance all of us take.”
As Flare experiences, “Stallman” has indicated that the cybercriminal exercise carried out by means of RAMP would proceed by means of different channels.
A seizure like this isn’t going to get rid of ransomware in a single day, but it surely does symbolize a significant disruption of cybercriminal infrastructure, as hackers can be pressured emigrate their actions, and can be offered with new challenges associated to their operational safety and who they will belief.
In spite of everything, the seizure of RAMP means that the authorities now have entry to the location’s person knowledge – which is prone to embrace e mail and IP addresses, non-public messages, and extra, which might result in arrests within the coming months.
