Ransomware Intelligence

cmd organization

Ransomware group profile

17 Victims
47 Impact score

Description

CMD Organization is a new ransomware group that surfaced in May 2026, claiming to be an IT security firm while engaging in ransomware activities. Its auction-based extortion model, built around public listings of stolen data, is aimed at financial gain and sets it apart from traditional groups.

Key insights

  • Utilizes an auction-based extortion model to maximize ransom payments.
  • Exploits vulnerabilities in public-facing applications for initial access.
  • Focuses on data extraction from information repositories.
  • Employs tactics like double extortion and public data leaks on dark web platforms.
  • Operates using a combination of onion sites and clearnet domains.

Threat Level & Status Breakdown

For cmd organization · Based on incidents in selected period

Threat level: 4.4
Aggressiveness: 8.3 / 10
Lethality: 0 / 10
Criticality: 5 / 10
First seen: May 2026
Last seen: May 2026
Avg ransom
Payment rate
Status: active
Sophistication: 0
Last updated: Jun 2, 2026

Recent activity

Monthly attack count for cmd organization in the selected period

17 Total attacks
17 peak in May
17 avg / month

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for cmd organization

Collection

  • T1213: Data from Information Repositories
  • T1071: Application Layer Protocol

Defense Evasion

  • T1562: Impair Defenses

Execution

  • T1059: Command and Scripting Interpreter

Impact

  • T1486: Data Encrypted for Impact
  • T1490: Inhibit System Recovery

Lateral Movement

  • T1021: Remote Services

Other

  • T1190
  • T1041
  • T1037

Persistence

  • T1078: Valid Accounts
  • T1547: Boot or Logon Autostart Execution

Victims (17)

| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Lake Washington School District | | United States | Education | Unknown | 3 days ago |
| Lee Law Offices | | United States | Professional Services | Unknown | 4 days ago |
| Capital Family Physicians | | United States | Healthcare | Unknown | 5 days ago |
| Hospice Savannah | | United States | Healthcare | Unknown | 6 days ago |
| North Dallas Shared Ministries | | United States | Government & Defense | Unknown | 9 days ago |
| Stonehenge Therapeutic Community | | United States | Healthcare | Unknown | 16 days ago |
| Holy Name of Jesus | | United States | Other | Unknown | 17 days ago |
| Raise the Bottom | | United States | Healthcare | Unknown | 19 days ago |
| WholeHealth Chicago | | United States | Healthcare | Unknown | 19 days ago |
| Houston Eye Associates | | United States | Healthcare | Unknown | 20 days ago |
| Goodstone Group | | | Hospitality | Unknown | 20 days ago |
| Ira & Larry Goldberg Coins & Collectibles | | | Retail & E-Commerce | Unknown | 20 days ago |
| Advanced Software Products Group | | | Technology | Unknown | 23 days ago |
| PennEastern Architects | | United States | Professional Services | Unknown | 27 days ago |
| Cytek Biosciences | | United States | Healthcare | Unknown | about 1 month ago |
| JG Stewart Construction | | | Other | Unknown | about 1 month ago |
| Zampell | | | Energy & Utilities | Unknown | about 1 month ago |

Affected countries (5)

Countries where this group has been reported to target or leak victims.