- Confidential and Proprietary - Luminar Annual Threat Landscape Report Page 6 Some ransomware gangs added a search function on the data leak sites, which enables users to find certain victims or even specific details. 6 LockBit, a well-known ransomware gang, even started using its data leak site to sell the victims’ stolen data to other threat actors. 7 Lockbit3.0 data leak platform. Source: Dark Web During 2022, we noticed that several ransomware groups had used Telegram, a trend that, according to our assessment, could intensify with time. The Bl00Dy Ransomware gang, for instance, which began operating around May 2022, uses a Telegram channel instead of using a Dark Web data leak site to extort victims and publish stolen data. 8 Moreover, in mid-July 2022, a new ransomware family dubbed ROADSWEEP dropped a politically themed ransom note suggesting it had targeted the Albanian government. A front named “HomeLand Justice” took credit for this activity, posting a video 6 https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen- data/ 7 https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty- program/ 8 https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware- gang-in-attacks/