A leak post is a public extortion page used by ransomware groups to name alleged victims, display sample data, and increase pressure to pay. The page may also include deadlines, contact details, screenshots, file lists, or hashes meant to look like evidence.
In cyber security, a leak post matters because it is part of the attack’s psychological and operational pressure campaign. It can signal that an incident is being used for extortion, but it does not by itself prove a breach, encryption, or data theft. Defenders treat it as a trigger for validation: check logs, authentication activity, endpoint alerts, backups, and any signs of unauthorized access or exfiltration. The post may be genuine, misleading, or based on partial information, so the right response is evidence-based triage rather than immediate assumption.