Security Affairs reports that RAMP, a prolific Russian dark web forum and ransomware network, has suffered a major data leak that exposed thousands of user records, activity logs, and insights into how the cybercrime market operates.

The incident revealed that RAMP functions as a structured hub for cybercriminals. Comparitech found that these cybercriminals sell unauthorized access to corporate networks and form ransomware-as-a-service partnerships. They target sectors such as government, finance, healthcare, and technology, particularly in the U.S., focusing on high-value victims. Listings are shared publicly, while private messages are used to negotiate deals, expand attacks, and trade access to multiple network points.

Organizations are urged to secure early access points to reduce ransomware risk. They are advised to limit exposed services, implement multi-factor authentication, and monitor for unusual login activity. Companies should also regularly check for leaked credentials on dark web sources and strengthen endpoint and identity protection.

"IP addresses were decoded from binary format and geolocated against known ISP allocations. All findings are based on data as it existed in the database dump and have not been independently verified against live sources," Comparitech added.
Ransomware, Threat Intelligence
Ransomware supply chain untangled by RAMP forum leak




