Ransomware Intelligence

cmdorganization

Ransomware group profile

Victims: 2
Impact score: 47

Description

CMD Organization is a new ransomware group that surfaced in May 2026. It claims to be an IT security firm while conducting ransomware operations. Its auction-based extortion model, built on public listings of stolen data and aimed at financial gain, sets it apart from traditional groups.

Key insights

  • Utilizes an auction-based extortion model to maximize ransom payments.
  • Exploits vulnerabilities in public-facing applications for initial access.
  • Focuses on data extraction from information repositories.
  • Employs tactics like double extortion and public data leaks on dark web platforms.
  • Operates using a combination of onion sites and clearnet domains.

Threat Level & Status Breakdown

For cmdorganization · Based on incidents in selected period

Threat level: 4.6
Aggressiveness: 8.8 / 10
Lethality: 0 / 10
Criticality: 5 / 10
First seen: May 2026
Last seen: May 2026
Avg ransom
Payment rate
Status: active
Sophistication: 0
Last updated: Jun 2, 2026

Recent activity

Monthly attack count for cmdorganization in the selected period

Total attacks: 2
Peak: 2 in May
Avg / month: 2

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for cmdorganization

Collection

  • T1213: Data from Information Repositories
  • T1071: Application Layer Protocol

Defense Evasion

  • T1562: Impair Defenses

Execution

  • T1059: Command and Scripting Interpreter

Impact

  • T1486: Data Encrypted for Impact
  • T1490: Inhibit System Recovery

Lateral Movement

  • T1021: Remote Services

Other

  • T1190
  • T1041
  • T1037

Persistence

  • T1078: Valid Accounts
  • T1547: Boot or Logon Autostart Execution

Victims (19)

Company | Domain | Country | Industry | Status | Discovered
Lake Washington School District | lwsd.wednet.edu | United States (US) | Education | Unknown | 3 days ago
Lee Law Offices | leelawoffices.org | United States (US) | Professional Services | Unknown | 4 days ago
Capital Family Physicians | capitalfamilymd.com | United States (US) | Healthcare | Unknown | 5 days ago
Hospice Savannah | hospicesavannah.org | United States (US) | Healthcare | Unknown | 6 days ago
North Dallas Shared Ministries | ndsm.org | United States (US) | Retail & E-Commerce | Unknown | 9 days ago
Stonehenge Therapeutic Community | stonehengetc.com | United Kingdom (GB) | Healthcare | Unknown | 16 days ago
Holy Name of Jesus | theholynameofjesus.org | United States (US) | Other | Unknown | 17 days ago
Raise the Bottom | raisethebottomidaho.com | United States (US) | Professional Services | Unknown | 19 days ago
WholeHealth Chicago | wholehealthchicago.com | United States (US) | Healthcare | Unknown | 19 days ago
Houston Eye Associates | houstoneye.com | United States (US) | Healthcare | Unknown | 20 days ago
Goodstone Group | goodstone.com.au | Australia (AU) | Hospitality | Unknown | 20 days ago
Ira & Larry Goldberg Coins & Collectibles | goldbergcoins.com | United States (US) | Retail & E-Commerce | Unknown | 21 days ago
Advanced Software Products Group | aspg.com | United States (US) | Technology | Unknown | 23 days ago
PennEastern Architects | penneastern.com | United States (US) | Professional Services | Unknown | 27 days ago
Document tree |  |  |  | Claimed | about 1 month ago
Documents |  |  |  | Claimed | about 1 month ago
JG Stewart Construction | jgstewart.ca | Canada (CA) | Other | Unknown | about 1 month ago
Zampell | zampell.com | Italy (IT) | Energy & Utilities | Unknown | about 1 month ago
Cytek Biosciences | cytekbio.com | United States (US) | Healthcare | Unknown | about 1 month ago

Affected countries (5)

Countries where this group has been reported to target or leak victims.