Darknet forum RAMP4U seized by FBI

January 29, 2026

Figure 1 – RAMP4U.io seizure notice

Introduction

On 28 January 2026 a seizure notice appeared on the notorious darknet forum RAMP4U. The notice stated the FBI had seized the site. Both the clear net and onion domains showed this notice.

RAMP4U

In July 2021, Russian-speaking threat actors on the darknet forums XSS and exploit.in began advertising a new ‘ransomware’ specific discussion forum called RAMP. This appeared to be in response to XSS and Exploit banning the advertising of ransomware on their respective sites. RAMP was advertised to be a ‘safe space’ where ransomware-related discussions and coordination could freely and openly be discussed.

Figure 2 – Post on XSS banning the advertising of ransomware

DarkOwl assess that RAMP originated with members or affiliates of the Babuk ransomware gang. Babuk launched their operation in January 2021 and quickly received notoriety for their cyber campaigns. In early April 2021, the group successfully compromised and allegedly exfiltrated over 250GB of sensitive data from the Washington, DC Metropolitan Police.

Figure 3 – Historic view of RAMP4u forum

Seizure

While the FBI are yet to make a formal statement in relation to the seizure of RAMP4U, the domains now point to domain servers which are used by the FBI when seizing infrastructure.

Figure 4 – NS look up

Furthermore, the alleged administrator of RAMP4U appeared to confirm the seizure on a post via XSS.

Figure 5 – DarkOwl Vision post on XSS confirming seizure of RAMP4U

This current activity highlights a continued trend in Law Enforcement seizure of darknet forums, with BreachForums and XSS being notable takedowns in the last 6 months. However, it remains to be seen the effect that this will have, where will the users of RAMP4U move to and or will the site reappear under a new guise. Time will tell.