Knowledge Base
Ransomware Leak Sites
Ransomware leak sites are publicity sites where ransomware groups share the details of their latest victims. However, they also play an important role in how these groups orchestrate and monetize their attacks. These sites provide the ransomware operators with a platform to accept payments from the victims, a space to shame them and apply pressure, and somewhere to leak their data if they don't pay.
Ransomware Leak Sites
8Base
Active since April 2022
263 victims as of January 2024
Akira
Active since March 2023
182 victims as of January 2024
BlackBasta
April 2022
516 victims as of January 2024
Known forum aliases: BlackBasta
BlackCat
Active since November 2021
730 victims as of January 2024
Known forum aliases: alphv, BlackCat46, ransom
Cl0p
Active since February 2019
538 victims as of January 2024
Known forum aliases: CL0P
LockBit
Active since September 2019
2,500 victims as of January 2024
Known forum aliases: LockBitSupp and LockBit
Play
Active since June 2022
328 victims as of January 2024
Rhysida
Active since May 2023
73 victims as of January 2024
Royal
Active since September 2022
Inactive since July 2023
179 victims as of January 2024
Vice Society
Active since May 2021
Inactive since June 2023
181 victims as of January 2024