ZeroFox Intelligence Flash Report - FBI Seizes Dark Web Forum RAMP

ZeroFox Intelligence Flash Report - FBI Seizes Dark Web Forum RAMP

Product Serial: F-2026-01-29a

TLP:CLEAR

In this Flash report, ZeroFox researchers report on the seizure of the dark web forum RAMP by elements of U.S. law enforcement.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here

Key Findings

• On January 28, 2026, the Federal Bureau of Investigation (FBI) seized the dark web forum RAMP in a coordinated action with the U.S. Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the U.S. Department of Justice (DoJ).
• The RAMP forum’s primary purpose was to advertise ransomware-as-a-service (RaaS) activities, and it was the only known dark web forum where such activity was explicitly permitted.
• Following news of the seizure, screenshots from a suspected leaked RAMP database appeared in a Telegram channel—including an email address allegedly used by well-known RaaS operator “LockBit” to register on RAMP.
• The seizure of RAMP is likely to have a significant impact on the cybercriminal community in the short term. As RAMP was the only known dark web forum to explicitly allow RaaS operations on its platform, it is an environment that will not be easy to replace quickly. It is also highly likely that arrests derived from the seizure of the RAMP forum will be made within the next six months.