- Confidential and Proprietary - Luminar Annual Threat Landscape Report Page 5 information can include usernames, passwords, payment card details, and cryptocurrency wallets. In some cases, the selling advertisements on such marketplaces name the InfoStealer used to obtain the data from infected systems. Russian Market marketplace. Source: Dark Web The underground marketplaces’ customers place orders through the markets’ websites to complete the transaction. Marketplace customers set up accounts and add funds,, usually using cryptocurrency. Some marketplaces accept payment in USD. The owners of the marketplaces receive commissions for transactions conducted on their platforms. Telegram, on the other hand, enables threat actors to form and join groups and channels that align with their particular interest, while mostly avoiding the involvement of third parties. 2.3 Data Leak Sites Evolving techniques of ransomware gangs include new ways to coerce victims into paying ransoms. Many ransomware groups adopt multiple extortion techniques, such as the use of Dark Web data leak sites, to apply additional pressure on the victims. These data leak sites are used as leverage to aid operator threats to release victims’ sensitive information. Eventually, if the victims do not pay the ransom demands, the groups publish their stolen data on these designated sites. This trend surged during 2021, as the number of victims whose data was posted on these leak sites rose by 85% compared to 2020 to include 2,566 organizations. 5 Threat actors have improved their efforts over time to put pressure on victims using those platforms. 5 https://www.paloaltonetworks.com/blog/2022/03/ransomware-trends-demands-dark-web-leak-sites/