Law enforcement agencies have shut down the RAMP hack forum, one of the scarce platforms where openly showcasing ransomware software was still permissible. The site served as an outlet for selling malware, offering hacking services, and recruiting affiliates for ransomware syndicates.
By late January 2026, both the Tor iteration of the forum and the ramp4u[.]io domain became unreachable, displaying notifications indicating the resource has been seized. The advisory states this operation was executed in collaboration with the U.S. Attorney’s Office for the Southern District of Florida and the Computer Crime Section of the U.S. Department of Justice.
While official statements from law enforcement have yet to be released, the domain’s DNS records have already been redirected to servers utilized by the FBI during site seizures: ns1.fbi.seized.gov and ns2.fbi.seized.gov.
It remains uncertain whether authorities managed to gain access to the site’s user databases or other stored data.
On the XSS hacker forum, a former RAMP administrator using the alias Stallman confirmed the site’s seizure:
“It is with deep regret that I inform you that law enforcement has taken control of the Ramp forum. This incident has undone years of my dedication to building the most unrestrained forum globally, and although I prayed this day would never materialize, deep down I always acknowledged its possibility. This is the inherent hazard we all accept.”
The RAMP forum launched in July 2021, subsequent to popular Russian-language hacking venues prohibiting advertisements for ransomware. This prohibition stemmed from pressure exerted by Western law enforcement agencies following the DarkSide group’s assault on the Colonial Pipeline company.
Consequently, RAMP positioned itself as one of the final venues where ransomware malware could be openly advertised. Numerous syndicates utilized this venue to promote their activities, recruit collaborators, and facilitate the acquisition and sale of access credentials to corporate networks.
About the Author
