FBI seizes RAMP cybercrime forum used by ransomware gangs

The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services and one of the few remaining forums that openly allowed the promotion of ransomware operations.

Both the forum's Tor site and its clearnet domain, ramp4u[.]io, now display a seizure notice stating, "The Federal Bureau of Investigation has seized RAMP."

"This action has been taken in coordination with the United States Attorney's Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice," the notice reads.

The seizure banner also appears to taunt the forum's operators by displaying RAMP's own slogan, "THE ONLY PLACE RANSOMWARE ALLOWED," followed by a winking Masha from the popular Russian "Masha and the Bear" kids' cartoon.

While there has been no official announcement by law enforcement regarding this seizure, the domain name servers have now been switched to those used by the FBI when seizing domains.

If so, law enforcement now has access to a significant amount of data tied to the forum's users, including email addresses, IP addresses, private messages, and other potentially incriminating information.

For threat actors who failed to follow proper operational security (opsec), this could lead to identification and arrests.

In a forum post to the XSS hacking forum, one of the alleged former RAMP operators, known as "Stallman," confirmed the seizure.

"I regret to inform you that law enforcement has seized control of the Ramp forum," reads the translated forum post.

"This event has destroyed years of my work building the freest forum in the world, and while I hoped this day would never come, I always knew in my heart it was possible. It's a risk we all take."

BleepingComputer contacted the FBI with questions regarding the seizure, but they declined to comment.

The RAMP cybercrime forum launched in July 2021, following the banning of the promotion of ransomware operations by the popular Russian-speaking Exploit and XSS hacking forums.

This ban was due to heightened pressure from Western law enforcement following the DarkSide ransomware attack on Colonial Pipeline.

In July 2021, a new Russian-speaking forum called RAMP launched, promoting itself as one of the last remaining places where ransomware could be openly promoted. This led to multiple ransomware gangs using the forum to promote their operations, recruit affiliates, and buy and sell access to networks.

RAMP was launched by a threat actor known as Orange, who also operated under the aliases Wazawaka and BorisElcin.

Orange was previously the administrator of the Babuk ransomware operation, which shut down after its ransomware attack on the D.C. Metropolitan Police Department.

Internal disputes allegedly erupted within the group over whether stolen law enforcement data should be publicly leaked, and after the data was leaked, the group splintered.

Following the split, Orange launched the RAMP forum on a Tor onion domain that Babuk had previously used.

Soon after its launch, RAMP experienced distributed denial-of-service (DDoS) attacks that disrupted its availability. Orange publicly blamed former Babuk partners for the attacks, though the previous members denied responsibility to BleepingComputer, stating they had no interest in the forum.

The individual behind the Orange and Wazawaka aliases was later publicly identified by cybersecurity journalist Brian Krebs as Russian national Mikhail Matveev.

In an interview with Recorded Future's Dmitry Smilyanets, Matveev confirmed that he previously operated under the alias Orange and that he created RAMP using the former Babuk onion domain.

Matveev explained that the forum was initially created to repurpose Babuk's existing infrastructure and traffic. He claimed that RAMP ultimately generated no profit and was subjected to constant DDoS attacks, which led him to step away from managing it after it gained popularity.

In 2023, Matveev was indicted by the US Department of Justice for his involvement in multiple ransomware operations, including Babuk, LockBit, and Hive, which targeted US healthcare organizations, law enforcement agencies, and other critical infrastructure.

He was also sanctioned by the US Treasury's Office of Foreign Assets Control and placed on the FBI's most-wanted list, with the US State Department offering a reward of up to $10 million for information leading to his arrest or conviction.