The Federal Bureau of Investigation (FBI) has seized the clearnet and darkweb domains of the RAMP underground platform. The RAMP platform serves as a hacking forum and caters to several groups involved in Ransomware-as-a-Service and other cybercriminals. While the FBI has yet to issue an official statement to that effect, the domains used by the forum now display banners that read “The Federal Bureau of Investigation has seized RAMP.” The banners noted that the action was carried out by the FBI in coordination with the US Attorney’s Office of the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.

FBI takes down underground hacking forum

RAMP, which originally stood for Russian Anonymous Marketplace, was a popular dark web forum that primarily served Russian-speaking clients engaged in cybercrime. They include RaaS gangs and initial access brokers. The takedown was also confirmed by a user named “Stallman”, who appears to be one of the owners of RAMP, in a post on the XSS hacking forum that was translated from Russian and shared on the blogging platform X.

“With regret, I inform you that law enforcement agencies have gained control over the Ramp forum. This event destroyed years of my work to create the freest forum in the world, and although I hoped this day would never come, deep down I always understood that it was possible. This is the risk we all take,” the post reads.

He also added that even though he will no longer be controlling Ramp, he doesn’t intend to create another platform from scratch. Stallman also added that he will continue his business of purchasing access, noting that his core business remains unchanged. “If you have something you can offer me, the terms are listed in my signature. Message me in private messages, and we will exchange via Jabber/Tox,” he added.

In addition to offering a forum for ransomware activities, the site was a platform for notorious groups like LockBit, Qilin, RansomHub, ALPHV/BlackCat, and DragonForce to promote their services. The website also included several discussion groups where users posted tutorials on cyberattacks. Speaking about the takedown, Ben Clarke, SOC manager at CybaVerse, said the platform’s success stemmed from providing hackers with the entire attacker chain. This means users can access services ranging from purchasing stolen credentials to promoting malware and selling and purchasing other services.

How effective are these takedowns?

Clarke mentioned that while the takedown will affect criminal activity for a while, the long-term impact could be minimal. “Anything to disrupt this activity is a positive step for defenders. But we would be naive to believe it will have a tangible impact on cybercrime,” he said. “New marketplaces will be formed to take RAMP’s place, while threat actors will navigate to other platforms to buy and sell services.”

Over the last few years, law enforcement has registered mixed results in takedowns. While the takedowns do happen, these platforms are often revived, as in the case of the Emotet botnet takedown in 2022. The platform returned with a vengeance. However, this doesn’t mean that these operations do not work, according to Daniel Wilcock, threat analyst at Talion, who noted that takedowns are still the best tactic for law enforcement to stifle cybercriminal activities and gain vital information.

“While this doesn’t signal the end of ransomware, law enforcement will be able to gain valuable information from the seizure around the threat actors using the services, such as their emails and IP addresses, plus access to the financial transactions that took place on the market,” he said.
“This could support further law enforcement action against the threat actors that used the site, but given that RAMP was heavily used by Russian criminals, it’s highly unlikely we will see many actual arrests.”