59/69 Friday, January 30, 2026
The U.S. Federal Bureau of Investigation (FBI) has seized the cybercrime forum known as RAMP, a platform widely used to advertise and trade malware, hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware activities. Both the forum’s Tor site and its clearnet domain (ramp4u[.]io) now display a seizure banner stating that the action was carried out jointly by the FBI, the U.S. Attorney’s Office, and the Computer Crime and Intellectual Property Section (CCIPS) of the U.S. Department of Justice.
Although law enforcement agencies have not yet released an official statement detailing the seizure, the switch of the domain’s name servers to infrastructure typically used by the FBI in prior takedowns strongly indicates full control of the forum. This could allow authorities to access significant user data, including email addresses, IP addresses, private messages, and other information that may serve as evidence in ongoing investigations. Users who failed to maintain proper Operational Security (OPSEC) may therefore face an increased risk of identification and prosecution.
RAMP was first launched in July 2021, following decisions by major hacker forums such as Exploit and XSS to ban ransomware advertising amid intensified pressure from Western law enforcement after the Colonial Pipeline attack. RAMP subsequently became a central hub for ransomware groups to recruit affiliates, trade network access, and promote illicit activities. The forum was founded by a user operating under the alias “Orange,” later identified as Mikhail Matveev, a Russian national linked to multiple ransomware operations, including Babuk, LockBit, and Hive. In 2023, Matveev was indicted by the U.S. Department of Justice, sanctioned by the U.S. Department of the Treasury, and placed on the FBI’s Most Wanted list, with a reward of up to $10 million for information leading to his arrest or conviction.
