Russian-Speaking Forum ‘RAMP’ Fostering New RaaS Launches and Affiliates

  • A new dark-web forum called 'RAMP' is looking to connect RaaS vendors with orphaned affiliates.
  • The forum has had an impressive start, then a spam-induced shutdown, and is scheduled to relaunch next month.
  • 'RAMP' can serve as the "barometer" to determine if public RaaS programs still have a future.

The dark web is an ever-evolving space with domains changing hands, platforms shutting down, actors disappearing, and new places emerging as the next big thing. Researchers at KELA, the cyber-intelligence expert who focuses on the identification of novel threats that originate from the darkest places of the web, have spotted a new forum named 'RAMP.' This is a place set up to allow ransomware affiliates to find "ethical" RaaS programs to join and vendors to reach out to interested actors.

According to the report that KELA shared with TechNadu prior to its publication, the admin of the RAMP forum, who currently uses the nickname "Orange," announced it as a haven for the chased community that had no place to go after the REvil and DarkSide bans that took place on other notorious forums ('Exploit' and 'XSS'). The site itself is hosted on a domain previously used by Babuk, but since the actor has previously claimed to have sold various things to other hackers, it is impossible to tell if he's currently actively involved in this new endeavor.

Source: KELA

In terms of what can be found on RAMP, that would include mostly RaaS program promotions and affiliate posts looking for collaboration opportunities, selling initial access to compromised networks, etc. The rules mandate that anything relevant to attacking Russian firms or entities from CIS countries is prohibited. Spamming and using multiple accounts will also get you banned in RAMP.

RAMP rules, Source: KELA

One notable case was a post by a LockBit admin who promised to launch the LockBit 2.0 ransomware version soon, almost a full month back. Bleeping Computer now reports that the first samples of the advanced ransomware strain have been captured in the wild and are being analyzed by malware researchers. This announcement first came on RAMP, validating the forum and its role in the cybercrime space.

LockBit 2.0 announcement on RAMP, Source: KELA

During the first ten days of its operation, RAMP counted 350 registered users and over 100 posts. This steep rise came to an abrupt end when the site fell victim to a spamming attack that unfolded last week, with the hackers demanding the payment of a $5,000 ransom to stop the assault. The admin refused to comply with the demands, and the forum was soon flooded with porn GIFs as a result.

"Orange" offers $2,000 to anyone able to help clean up the forum, Source: KELA.

This led to the decision to purge everything (including most of the registered users), restrict all access to RAMP, and announce the intention to rebuild the forum from scratch using a more robust engine this time. The relaunch is set to take place on August 13, 2021, and to be accepted as a new user, one will have to cover the cost of $500 for a registration fee. This will ensure that only those who are serious about doing RaaS business will join RAMP, but it is well above the entry fee requested elsewhere.

RAMP relaunch countdown frontpage, Source: KELA

If 'RAMP' makes it, it'll mean that public ransomware as a service (RaaS) operations still have a future and that there are groups out there addressing the wider cybercrime community to make a profit. With all that has happened lately, nobody can be certain, but it's good to have a gauging tool that will give us the answer.



How to Watch American Dad Season 17 Online From Anywhere

The American Dad animated series keeps going strong despite the rumors and the haters, and its fanbase is excited to watch the...

How to Watch Snowpiercer Season 3 Online From Anywhere

The Snowpiercer Season 3 is knocking on our door, so if you missed the post-apocalyptic speed train setting and the struggle the...

Jujutsu Kaisen Chapter 173 Release Date, Time and Where To Read

Jujutsu Kaisen's latest chapter saw the end of Fushiguro's fight with Reggie. Since the last few chapters were extensively about the ongoing...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari