Ransomware Intelligence

cmd organization

Ransomware group profile

Victims: 25
Impact score: 56

Description

CMD Organization is a new ransomware group that surfaced in May 2026. It claims to be an IT security firm while engaging in ransomware activities. Its auction-based extortion model, built on public listings of stolen data for financial gain, sets it apart from traditional groups.

Key insights

  • Utilizes an auction-based extortion model to maximize ransom payments.
  • Exploits vulnerabilities in public-facing applications for initial access.
  • Focuses on data extraction from information repositories.
  • Employs tactics like double extortion and public data leaks on dark web platforms.
  • Operates using a combination of onion sites and clearnet domains.

Threat Level & Status Breakdown

For cmd organization · Based on incidents in selected period

Threat level: 5
Aggressiveness: 10 / 10
Lethality: 0 / 10
Criticality: 5 / 10
First seen: May 2026
Last seen: Jun 2026
Avg ransom
Payment rate
Status: active
Sophistication: 0
Last updated: Jun 23, 2026

Recent activity

Monthly attack count for cmd organization in the selected period

Total attacks: 25
Peak: 17 in May
Average: 12.5 / month
↓ 9 vs first month

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for cmd organization

Collection

  • T1213: Data from Information Repositories
  • T1071: Application Layer Protocol

Defense Evasion

  • T1562: Impair Defenses

Execution

  • T1059: Command and Scripting Interpreter

Impact

  • T1486: Data Encrypted for Impact
  • T1490: Inhibit System Recovery

Lateral Movement

  • T1021: Remote Services

Other

  • T1190
  • T1041
  • T1037

Persistence

  • T1078: Valid Accounts
  • T1547: Boot or Logon Autostart Execution

Victims (25)

| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Coldstat Refrigeration | | | Other | Unknown | 2 days ago |
| EON Meditech Pvt | | | Healthcare | Unknown | 3 days ago |
| Union Tractor | | | Other | Unknown | 3 days ago |
| Wall ISD | | | Education | Unknown | 4 days ago |
| Pinnacle Re-Tec | | | Professional Services | Unknown | 5 days ago |
| Southern design RV | | | Retail & E-Commerce | Unknown | 5 days ago |
| New FACOM Co., Ltd. | | | Manufacturing | Unknown | 14 days ago |
| SeeWriteHear | | | Technology | Unknown | 22 days ago |
| Lake Washington School District | | United States | Education | Unknown | 25 days ago |
| Lee Law Offices | | United States | Professional Services | Unknown | 26 days ago |
| Capital Family Physicians | | United States | Healthcare | Unknown | 27 days ago |
| Hospice Savannah | | United States | Healthcare | Unknown | 28 days ago |
| North Dallas Shared Ministries | | United States | Government & Defense | Unknown | about 1 month ago |
| Stonehenge Therapeutic Community | | United States | Healthcare | Unknown | about 1 month ago |
| Holy Name of Jesus | | United States | Other | Unknown | about 1 month ago |
| Raise the Bottom | | United States | Healthcare | Unknown | about 1 month ago |
| WholeHealth Chicago | | United States | Healthcare | Unknown | about 1 month ago |
| Houston Eye Associates | | United States | Healthcare | Unknown | about 1 month ago |
| Goodstone Group | | | Hospitality | Unknown | about 1 month ago |
| Ira & Larry Goldberg Coins & Collectibles | | | Retail & E-Commerce | Unknown | about 1 month ago |

Page 1 of 2

Affected countries (6)

Countries where this group has been reported to target or leak victims.