Ransomware gangs are using dedicated leak sites to make threats as public as possible. Leak sites include Clop Sekhmet, Nephilim, Mespinoza, Netwalker and RagnarLocker. Most operate leak sites hosted – as with their bitcoin-payment portals for decryptors – on Tor, which makes them tough for others to take down or trace back to the operators. In some cases, if victims’ bitcoins are not forthcoming, attackers dump everything they’ve stolen from the victim.”]
Source: https://www.cuinfosecurity.com/crypto-lock-tell-ransomware-gangs-double-down-on-leaks-a-14286