Skip to content
Ransomware group

RAMP

RAMP is a prominent Russian-language cybercrime forum focused on ransomware activity.

Profile source: Mallory opens in a new tab

RAMP

Family profile

RAMP is a prominent Russian-language cybercrime forum focused on ransomware activity. It was renamed from Payload[.]bin to RAMP on July 13, 2021; according to its founder Orange, the name stood for "Ransom Anon Market Place." Reporting cited in the content identifies Orange as the founder of RAMP and links Orange to the aliases Wazawaka, Boriselcin, TetyaSluha, Uhodiransomwar, and Biba99, which KrebsOnSecurity and Intel 471 further associate with Russian national Mikhail Pavlovich Matveev. The content states that RAMP emerged after major dark web forums banned ransomware groups following the Colonial Pipeline attack.

RAMP functioned as a hub for ransomware operations and related cybercrime services. The content states that it was used by ransomware affiliates, malware developers, and initial access brokers, and that it offered leaked-data auctions, malware rentals, and initial access broker listings. Orange later announced a new ransomware affiliate program called Groove on RAMP. The forum was described as ransomware-focused and part of the broader ransomware-as-a-service and extortion ecosystem.

The content also states that U.S. federal authorities seized both the clearnet and dark web domains associated with RAMP (including Ramp4u.io). The seizure was reportedly carried out by the FBI in coordination with the U.S. Attorney’s Office for the Southern District of Florida and the DOJ Computer Crime and Intellectual Property Section. Seized domains displayed FBI/DOJ seizure notices and were updated to fbi.seized.gov nameservers. No arrests were officially confirmed in the cited reporting.

Ransomware.live

Operational record

View group record ↗

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.