A ransomware leak site is a website, typically operated by cybercriminal groups, where stolen data from ransomware attacks is published. When victims refuse to pay the demanded ransom, attackers use these sites to publicly expose sensitive or confidential information as leverage. This tactic, known as double extortion, increases pressure on victims by threatening reputational harm, regulatory penalties, or further attacks. Leak sites are often hosted on the dark web to evade law enforcement and are used to showcase successful breaches, intimidate future targets, and attract attention from potential buyers of the stolen data. Their existence highlights the evolving tactics of ransomware operators.