The RAMP (Russian Anonymous Marketplace) forum, one of the main hubs of the international cybercrime underground, has been officially shut down and seized by US law enforcement .
The news emerged after the domain associated with the platform began displaying a joint seizure banner from the Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ) .
The message displayed on the seized site clearly reads ” THIS SITE HAS BEEN SEIZED ,” along with confirmation that the operation was conducted in coordination with the U.S. Attorney’s Office for the Southern District of Florida and the Department of Justice’s Computer Crime and Intellectual Property Section.
This move marks a further blow to the ecosystem of marketplaces and forums linked to ransomware and cybercriminal activity.
RAMP was known as an exclusive underground forum, often described as ” the only place ransomware allowed ,” a closed and highly selective environment where ransomware operators, initial access brokers, and high-profile cybercriminals met. Over the years, the platform had become a central role in the dynamics of cybercrime-as-a-service.
Final confirmation of the closure also came from a post published directly on the forum , signed by the user “Stallman,” a figure historically associated with RAMP’s management. In the message, the author wrote: “I regret to inform you that law enforcement has taken control of the Ramp forum. This event has destroyed years of my work creating the freest forum in the world.”
In the post, Stallman also admits that he has always been aware of the risk: “Although I hoped this day would never come, deep down I always understood it was possible. This is a risk we all take.” These words reflect the growing pressure from international authorities against the digital infrastructure of online organized crime.
Despite the forum’s closure, the author makes it clear that he has no intention of recreating RAMP : “I no longer run Ramp and won’t be creating a new forum from scratch.”
However, it added that its core activities would not end, openly stating that it will continue to operate as a buyer of compromised logins , a key component in ransomware attack chains.
The message also includes references to private communication channels, such as Jabber and Tox , demonstrating how criminal relationships and trafficking can continue even outside of a centralized platform. This confirms that the closure of a forum, however significant, does not necessarily mean the end of the criminal activity associated with it.
The closure of RAMP is part of a broader law enforcement strategy aimed at dismantling cybercrime infrastructure , targeting not only ransomware groups but also the digital spaces where these actors meet, collaborate, and conduct business. This is a strong signal, but it leaves open the question of which underground hub will be ready to take up its legacy.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
