Starting last year, ransomware operators have escalated their extortion strategies by stealing files from victims before encrypting their data. These stolen files are then used as further leverage to force victims to pay. Many operators have created data leak sites to publicly shame their victims and publish the files they stole. This is now a standard tactic for ransomware, all attacks must be treated as a data breach. Below is a list of ransomware operations that have created dedicated data leaks sites to publish data stolen from their victims. The list of the most recent ones includes: AKO Ransomware, Avaddon, Babyk, Conti and DoppelPaymer.
Source: https://www.bleepingcomputer.com/news/security/list-of-ransomware-that-leaks-victims-stolen-files-if-not-paid/