ZeroFox Intelligence Flash Report - FBI Seizes Dark Web Forum RAMP
|by Alpha Team

ZeroFox Intelligence Flash Report - FBI Seizes Dark Web Forum RAMP
Product Serial: F-2026-01-29a
TLP:CLEAR
In this Flash report, ZeroFox researchers report on the seizure of the dark web forum RAMP by elements of U.S. law enforcement.
Standing Intelligence Requirements
For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:
https://cloud.zerofox.com/intelligence/advisories/14956
Link to Download
View the full report here
Key Findings
- On January 28, 2026, the Federal Bureau of Investigation (FBI) seized the dark web forum RAMP in a coordinated action with the U.S. Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the U.S. Department of Justice (DoJ).
- The RAMP forum’s primary purpose was to advertise ransomware-as-a-service (RaaS) activities, and it was the only known dark web forum where such activity was explicitly permitted.
- Following news of the seizure, screenshots from a suspected leaked RAMP database appeared in a Telegram channel—including an email address allegedly used by well-known RaaS operator “LockBit” to register on RAMP.
- The seizure of RAMP is likely to have a significant impact on the cybercriminal community in the short term. As RAMP was the only known dark web forum to explicitly allow RaaS operations on its platform, it is an environment that will not be easy to replace quickly. It is also highly likely that arrests derived from the seizure of the RAMP forum will be made within the next six months.
Tags: tlp:clear, dark web, malware