Businesses are rapidly seeking to acquire data sourced from ransomware breaches
Businesses are rapidly seeking to acquire data sourced from ransomware breaches
Publish Date: 2026-04-01 02:34:00
Source Domain: www.cybersecurity-insiders.com
In recent years, media reports have frequently highlighted incidents of data theft and extortion, particularly those linked to ransomware attacks. These attacks, once limited to encrypting files and demanding payment for their release, have evolved rapidly.
What began as a single-layer extortion tactic has now grown into more complex schemes, including double and even triple extortion—where attackers not only demand ransom for decryption but also threaten to leak or sell stolen data.
For those trying to understand what actually happens to data stolen during such attacks, new developments are shedding light on an increasingly organized underground ecosystem.
Traditionally, ransomware gangs would steal sensitive information, encrypt it, and then pressure victims into paying a ransom to regain access and prevent public exposure. However, even when victims comply and pay, there has long been skepticism about whether the data is truly deleted.
Recent findings suggest that in many cases, it is not. Instead, cybercriminal groups are now collaborating with entities that outwardly present themselves as legitimate data processing or analytics firms. Behind the scenes, these organizations allegedly acquire stolen data from ransomware operators, refine it into structured and searchable formats, and then sell it to interested buyers. This transforms raw, unorganized stolen data into a highly valuable commodity.
One such platform reportedly operating in this space is Leak Bazaar, which is said to be accessible only via the dark web. It was first identified by Flare, a cybersecurity company based in Quebec, Canada. According to Tammy Harper, a security researcher at Flare, Leak Bazaar functions similarly to an e-discovery platform. It purchases stolen datasets, processes and organizes them, and then resells them to other parties, potentially including businesses seeking competitive intelligence or other sensitive insights.
This development…
