cmdorganization Ransomware Group
Ransomware group profile
Description
CMD Organization is a new ransomware group that surfaced in May 2026, claiming to be an IT security firm while engaging in ransomware activities. Their unique auction-based extortion model incentivizes financial gain through public listings of stolen data, setting them apart from traditional groups.
Key insights
- •Utilizes an auction-based extortion model to maximize ransom payments.
- •Exploits vulnerabilities in public-facing applications for initial access.
- •Focuses on data extraction from information repositories.
- •Employs tactics like double extortion and public data leaks on dark web platforms.
- •Operates using a combination of onion sites and clearnet domains.
Threat Level & Status Breakdown
For cmdorganization · Based on incidents in selected period
Recent activity
Monthly attack count for cmdorganization in the selected period
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for cmdorganization
T1213
Data from Information Repositories
T1071
Application Layer Protocol
T1562
Impair Defenses
T1059
Command and Scripting Interpreter
T1486
Data Encrypted for Impact
T1490
Inhibit System Recovery
T1021
Remote Services
T1190
T1190
T1041
T1041
T1037
T1037
T1078
Valid Accounts
T1547
Boot or Logon Autostart Execution
Victims(38)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Target Energy Solutions | target-energysolutions.com | US United States | Energy & Utilities | Unknown | 1 day ago | |
| Els for Autism | elsforautism.org | US United States | Healthcare | Unknown | 3 days ago | |
| Golden Star Resources | gsr.com | GH Ghana | Energy & Utilities | Unknown | 4 days ago | |
| Finance Yorkshire | finance-yorkshire.com | GB United Kingdom | Financial Services | Unknown | 6 days ago | |
| Mount Royal University | — | CA Canada | Education | Unknown | 8 days ago | |
| Medlink Georgia | medlinkga.org | GE Georgia | Healthcare | Unknown | 16 days ago | |
| Port Angeles Composite | pacomposite.com | US United States | Manufacturing | Unknown | 16 days ago | |
| Lørenskog kommune | lorenskog.kommune.no | NO Norway | Government & Defense | Unknown | 16 days ago | |
| METCO Services, Metco Southeast | metcoservices.com | US United States | Professional Services | Unknown | 16 days ago | |
| Fidelity Security Group | fidelitysecurity.co | CO Colombia | Financial Services | Unknown | 17 days ago | |
| Kohinoor Mills | kohinoormills.com | IN India | Manufacturing | Unknown | 20 days ago | |
| Coldstat Refrigeration | coldstat.com | GB United Kingdom | Other | Unknown | 22 days ago | |
| EON Meditech Pvt | eonmeditech.com | IN India | Healthcare | Unknown | 23 days ago | |
| Union Tractor | uniontractor.com | US United States | Other | Unknown | 23 days ago | |
| Wall ISD | wallisd.net | US United States | Education | Unknown | 24 days ago | |
| Pinnacle Re-Tec | pinnacleretec.com | US United States | Professional Services | Unknown | 25 days ago | |
| Southern design RV | southerndesignrv.com.au | AU Australia | Retail & E-Commerce | Unknown | 25 days ago | |
| New FACOM Co., Ltd. | s-facom.jp | JP Japan | Manufacturing | Unknown | about 1 month ago | |
| SeeWriteHear | seewritehear.com | GB United Kingdom | Technology | Unknown | about 1 month ago | |
| Lake Washington School District | lwsd.wednet.edu | US United States | Education | Unknown | about 2 months ago |
Page 1 of 2
Affected countries(13)
Countries where this group has been reported to target or leak victims.