Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Tuesday, February 24, 2026

Dissecting the RAMP (Russian Anonymous Marketplace) Ransomware Forum - An Analysis

Dear blog readers,

I just did the impossible but I'll leave a set of photos and personally identifiable information about RAMP (Russian Anonymous Marketplace) Ransomware Forum to speak for itself.

Sample screenshots from my custom built parser and dashboard:

Sample personally identifiable IP addresses for registered users of the RAMP ransomware forum:

An additional set of personally identifiable IP addressess attributed to their user names from the RAMP ransomware forum:

Sample personally identifiable email address accounts of users of the RAMP ransomware forum:

Sample personally attributable BitCoin wallet addresses from the RAMP Ransomware Forum:

bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6 | User: admin | Source: DM ID 4984 (Conv 1298)
bc1q0nrnvcqlty00ymr9c6qxvchdyr0w95px5rhtdk | User: admin | Source: DM ID 5151 (Conv 308)
bc1q3z6fsegsq79k2lcsgkwrez6tcwsvq2uylewp8s | User: Support | Source: DM ID 833 (Conv 172)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq | User: Mafia | Source: DM ID 723 (Conv 158)
bc1q87akg05wjnfmxwyj6j6ars9c0q0va6m0xu68xe | User: tyman | Source: Post ID 3604 (Thread 61)
bc1q8y97gq3apqsmfr808lhcj3uggujcd7786cpfau | User: N0_Esc4pe | Source: DM ID 5920 (Conv 1533)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv | User: Stallman | Source: DM ID 981 (Conv 189)
bc1qa4s3zlrdrjs9a5rjlveswzj0e7c37ptl4aqluf | User: admin | Source: DM ID 6016 (Conv 1316)
bc1qavkc796mfrrvsyjenvx8ef5xzn6zlrufv4rd7c | User: el84 | Source: DM ID 5087 (Conv 1328)
bc1qc2k5hhz5y53ppxyl2n5yhhz2pju3pqnnpn3h3w | User: RATNICK | Source: DM ID 6401 (Conv 1670)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy | User: Mafia | Source: DM ID 841 (Conv 158)
bc1qfz6jesmux9qps5svlnnk87z86vdnp4l5qqu98s | User: admin | Source: DM ID 6943 (Conv 1298)
bc1qg6cc8dmcvqqpvjz99hsjyt58rzccvtdn8hevr8 | User: admin | Source: DM ID 7167 (Conv 1830)
bc1qgfsvtpuaaf86zsrcnmhckjk6dv3a9mul9dveve | User: tyman | Source: Post ID 3604 (Thread 61)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7 | User: Nero | Source: DM ID 4701 (Conv 1219)
bc1qjqugxy6agwujvtyqs5ht8h70cgsf296ekc0ez6 | User: eloncrypto | Source: DM ID 6980 (Conv 1802)
bc1qjvclt6q7d56t4uxhn7u0xhtcp0ef4kjmc4zzjf | User: admin | Source: DM ID 5040 (Conv 1316)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw | User: CheckZilla | Source: DM ID 2274 (Conv 308)
bc1qlkltuywcqs03wxu46elh6w2d5e0fvsdw4ddcfd | User: admin | Source: DM ID 4066 (Conv 1065)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5 | User: admin | Source: DM ID 6944 (Conv 1781)
bc1qm4kc76vckhdu5xp54natj3fd72wwujl6j9fa3q | User: Krendel | Source: DM ID 6065 (Conv 1590)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj | User: Krendel | Source: DM ID 6070 (Conv 1590)
bc1qmczxy6qsm80xfkl9f24xqtr0d5d0fpwzy4s3t5 | User: hotri | Source: DM ID 3710 (Conv 928)
bc1qmmc7mps82elp6q78d8xc2u8wk0gwnqjcftk3tt | User: vAz | Source: DM ID 4673 (Conv 1207)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te | User: admin | Source: DM ID 2699 (Conv 308)
bc1qpjftnrmahzc8cjs23snk2rq0vt6l0ehu4gqxus | User: Nowheretogo | Source: Post ID 3645 (Thread 717)
bc1qqt6jjknwe48wc8ewt0nywj7usl30uz4gdxux5w | User: spyboy | Source: DM ID 4155 (Conv 1082)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr | User: el84 | Source: DM ID 5520 (Conv 1456)
bc1qtzejuulhpsjfghz5q2a9h4vptfd4h5n008m5js | User: admin | Source: DM ID 5206 (Conv 1350)
bc1quuwkwzrpuwnyzt9tjqpt2u0sunqyxrrrua5x6l | User: admin | Source: DM ID 1000 (Conv 170)
bc1qvt60ku3zumfjljqy3nyxq4xrkncfekze8au3y2 | User: admin | Source: DM ID 2621 (Conv 668)
bc1qwgswrxaxxkme88zy7ydvpx43pmca6mqy7sh7q7 | User: admin | Source: DM ID 5363 (Conv 1396)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9 | User: boxi | Source: Post ID 3309 (Thread 612)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh | User: admin | Source: DM ID 2542 (Conv 633)
bc1qy0gz9dhhck0nwg2nm5feeufczjms7m0vyvsmss | User: tyman | Source: Post ID 3604 (Thread 61)

Related BitCoin wallet addresses for RAMP Ransomware Forum:

Wallet Address	Crypto Type	User	Source Location
39WorQNB1BR6oEJQVvVRPrEqn3U1mvLRCS	Bitcoin (Legacy/P2SH)	Nero	DM ID 4610 (Conv 1168)
3JMkKMnoYW1r1vWMrkKmjHmb1tPfZMajcm	Bitcoin (Legacy/P2SH)	Nowheretogo	Post ID 3063 (Thread 545)
1Fzdh15YCAc97Q148VQgLCZYNqoxvp5xKh	Bitcoin (Legacy/P2SH)	Nowheretogo	Post ID 5159 (Thread 1095)
1DLYfCoRJgyWodjaVm13D43x9ViyiWrvbM	Bitcoin (Legacy/P2SH)	RATNICK	DM ID 7483 (Conv 1813)
1Bc4NkmoQb7a5eA1M2PCChFre8AcETyUBC	Bitcoin (Legacy/P2SH)	Stallman	DM ID 867 (Conv 158)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm	Bitcoin (Legacy/P2SH)	Stallman	DM ID 981 (Conv 189)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm	Bitcoin (Legacy/P2SH)	Stallman	DM ID 982 (Conv 190)
1EBZrrGtXA5kcf88CC1RhzsZKWe2CioWVy	Bitcoin (Legacy/P2SH)	Vism	DM ID 581 (Conv 128)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm	Bitcoin (Legacy/P2SH)	Whop-Whop	DM ID 978 (Conv 189)
14A7TFD5v2M6QGQZM7yqz7F9wDQEh7FqzM	Bitcoin (Legacy/P2SH)	cocacola	DM ID 7359 (Conv 1875)
1EiyWbX9F9YP1SMuSYc3ZsYK1cV4jkodo	Bitcoin (Legacy/P2SH)	cocacola	DM ID 7359 (Conv 1875)
1GQcCAPhzQCxcNA3f5RX89NLMjVaMEi16m	Bitcoin (Legacy/P2SH)	el84	DM ID 3283 (Conv 832)
1Bc4NkmoQb7a5eA1M2PCChFre8AcETyUBC	Bitcoin (Legacy/P2SH)	johndoe	DM ID 844 (Conv 158)
13mpQcVR35pddrdT8YkKyrDiRgou1imhGe	Bitcoin (Legacy/P2SH)	tyman	Post ID 3604 (Thread 61)
19iqYbeATe4RxghQZJnYVFU4mjUUu76EA6	Bitcoin (Legacy/P2SH)	tyman	Post ID 3604 (Thread 61)
1C7msoqUG6GKPuAxg84FWtxGFRH68YiXkJ	Bitcoin (Legacy/P2SH)	tyman	Post ID 3604 (Thread 61)
1JuhgScB7ikMPudVm7PfdMNEzjmoNz9G49	Bitcoin (Legacy/P2SH)	tyman	Post ID 3604 (Thread 61)
16yQbH8hXxSZNASr2ntW21qQewcRgEJf9R	Bitcoin (Legacy/P2SH)	☠xrahitel☠	DM ID 7401 (Conv 1247)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw	Bitcoin (SegWit)	CheckZilla	DM ID 2274 (Conv 308)
bc1qm4kc76vckhdu5xp54natj3fd72wwujl6j9fa3q	Bitcoin (SegWit)	Krendel	DM ID 6065 (Conv 1590)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj	Bitcoin (SegWit)	Krendel	DM ID 6070 (Conv 1590)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq	Bitcoin (SegWit)	Mafia	DM ID 723 (Conv 158)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy	Bitcoin (SegWit)	Mafia	DM ID 841 (Conv 158)
bc1q8y97gq3apqsmfr808lhcj3uggujcd7786cpfau	Bitcoin (SegWit)	N0_Esc4pe	DM ID 5920 (Conv 1533)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7	Bitcoin (SegWit)	Nero	DM ID 4701 (Conv 1219)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7	Bitcoin (SegWit)	Nero	DM ID 4841 (Conv 1258)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7	Bitcoin (SegWit)	Nero	DM ID 4842 (Conv 1260)
bc1qpjftnrmahzc8cjs23snk2rq0vt6l0ehu4gqxus	Bitcoin (SegWit)	Nowheretogo	Post ID 3645 (Thread 717)
bc1qc2k5hhz5y53ppxyl2n5yhhz2pju3pqnnpn3h3w	Bitcoin (SegWit)	RATNICK	DM ID 6401 (Conv 1670)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq	Bitcoin (SegWit)	Stallman	DM ID 696 (Conv 158)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq	Bitcoin (SegWit)	Stallman	DM ID 717 (Conv 158)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy	Bitcoin (SegWit)	Stallman	DM ID 867 (Conv 158)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq	Bitcoin (SegWit)	Stallman	DM ID 918 (Conv 189)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq	Bitcoin (SegWit)	Stallman	DM ID 919 (Conv 190)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv	Bitcoin (SegWit)	Stallman	DM ID 981 (Conv 189)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv	Bitcoin (SegWit)	Stallman	DM ID 982 (Conv 190)
bc1q3z6fsegsq79k2lcsgkwrez6tcwsvq2uylewp8s	Bitcoin (SegWit)	Support	DM ID 833 (Conv 172)
bc1quuwkwzrpuwnyzt9tjqpt2u0sunqyxrrrua5x6l	Bitcoin (SegWit)	admin	DM ID 1000 (Conv 170)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw	Bitcoin (SegWit)	admin	DM ID 1613 (Conv 308)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw	Bitcoin (SegWit)	admin	DM ID 2268 (Conv 308)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh	Bitcoin (SegWit)	admin	DM ID 2542 (Conv 633)
bc1qvt60ku3zumfjljqy3nyxq4xrkncfekze8au3y2	Bitcoin (SegWit)	admin	DM ID 2621 (Conv 668)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh	Bitcoin (SegWit)	admin	DM ID 2647 (Conv 656)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te	Bitcoin (SegWit)	admin	DM ID 2699 (Conv 308)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te	Bitcoin (SegWit)	admin	DM ID 2727 (Conv 308)
bc1qlkltuywcqs03wxu46elh6w2d5e0fvsdw4ddcfd	Bitcoin (SegWit)	admin	DM ID 4066 (Conv 1065)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6	Bitcoin (SegWit)	admin	DM ID 4984 (Conv 1298)
bc1qjvclt6q7d56t4uxhn7u0xhtcp0ef4kjmc4zzjf	Bitcoin (SegWit)	admin	DM ID 5040 (Conv 1316)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6	Bitcoin (SegWit)	admin	DM ID 5105 (Conv 1298)
bc1q0nrnvcqlty00ymr9c6qxvchdyr0w95px5rhtdk	Bitcoin (SegWit)	admin	DM ID 5151 (Conv 308)
bc1qtzejuulhpsjfghz5q2a9h4vptfd4h5n008m5js	Bitcoin (SegWit)	admin	DM ID 5206 (Conv 1350)
bc1qwgswrxaxxkme88zy7ydvpx43pmca6mqy7sh7q7	Bitcoin (SegWit)	admin	DM ID 5363 (Conv 1396)
bc1qa4s3zlrdrjs9a5rjlveswzj0e7c37ptl4aqluf	Bitcoin (SegWit)	admin	DM ID 6016 (Conv 1316)
bc1qfz6jesmux9qps5svlnnk87z86vdnp4l5qqu98s	Bitcoin (SegWit)	admin	DM ID 6943 (Conv 1298)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5	Bitcoin (SegWit)	admin	DM ID 6944 (Conv 1781)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5	Bitcoin (SegWit)	admin	DM ID 6945 (Conv 1802)
bc1qg6cc8dmcvqqpvjz99hsjyt58rzccvtdn8hevr8	Bitcoin (SegWit)	admin	DM ID 7167 (Conv 1830)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9	Bitcoin (SegWit)	boxi	Post ID 3309 (Thread 612)
bc1qavkc796mfrrvsyjenvx8ef5xzn6zlrufv4rd7c	Bitcoin (SegWit)	el84	DM ID 5087 (Conv 1328)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr	Bitcoin (SegWit)	el84	DM ID 5520 (Conv 1456)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr	Bitcoin (SegWit)	el84	DM ID 5540 (Conv 1460)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv	Bitcoin (SegWit)	eliotto	DM ID 922 (Conv 190)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj	Bitcoin (SegWit)	ellisjDG	DM ID 6084 (Conv 1590)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5	Bitcoin (SegWit)	eloncrypto	DM ID 6952 (Conv 1782)
bc1qjqugxy6agwujvtyqs5ht8h70cgsf296ekc0ez6	Bitcoin (SegWit)	eloncrypto	DM ID 6980 (Conv 1802)
bc1qmczxy6qsm80xfkl9f24xqtr0d5d0fpwzy4s3t5	Bitcoin (SegWit)	hotri	DM ID 3710 (Conv 928)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9	Bitcoin (SegWit)	michael	Post ID 3311 (Thread 612)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6	Bitcoin (SegWit)	o1oo1	DM ID 5104 (Conv 1298)
bc1qqt6jjknwe48wc8ewt0nywj7usl30uz4gdxux5w	Bitcoin (SegWit)	spyboy	DM ID 4155 (Conv 1082)
bc1q87akg05wjnfmxwyj6j6ars9c0q0va6m0xu68xe	Bitcoin (SegWit)	tyman	Post ID 3604 (Thread 61)
bc1qgfsvtpuaaf86zsrcnmhckjk6dv3a9mul9dveve	Bitcoin (SegWit)	tyman	Post ID 3604 (Thread 61)
bc1qy0gz9dhhck0nwg2nm5feeufczjms7m0vyvsmss	Bitcoin (SegWit)	tyman	Post ID 3604 (Thread 61)

Stay tuned.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com