Ransomware Intelligence

cmd organization

Ransomware group profile

21 Victims
55 Impact score

Description

CMD Organization is a new ransomware group that surfaced in May 2026. It claims to be an IT security firm while conducting ransomware operations. Its auction-based extortion model, which monetizes stolen data through public listings, sets it apart from traditional groups.

Key insights

  • Utilizes an auction-based extortion model to maximize ransom payments.
  • Exploits vulnerabilities in public-facing applications for initial access.
  • Focuses on data extraction from information repositories.
  • Employs tactics like double extortion and public data leaks on dark web platforms.
  • Operates using a combination of onion sites and clearnet domains.

Threat Level & Status Breakdown

For cmd organization · Based on incidents in selected period

Threat level: 4
Aggressiveness: 7 / 10
Lethality: 0 / 10
Criticality: 5 / 10
First seen: May 2026
Last seen: Jun 2026
Avg ransom
Payment rate
Status: active
Sophistication: 0
Last updated: Jun 20, 2026

Recent activity

Monthly attack count for cmd organization in the selected period

21 Total attacks
17 peak in May
10.5 avg / month
↓ 13 vs first month

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for cmd organization

Collection

  • T1213 Data from Information Repositories
  • T1071 Application Layer Protocol

Defense Evasion

  • T1562 Impair Defenses

Execution

  • T1059 Command and Scripting Interpreter

Impact

  • T1486 Data Encrypted for Impact
  • T1490 Inhibit System Recovery

Lateral Movement

  • T1021 Remote Services

Other

  • T1190
  • T1041
  • T1037

Persistence

  • T1078 Valid Accounts
  • T1547 Boot or Logon Autostart Execution

Victims (21)

| Company | Domain | Country | Industry | Status | Discovered |
| --- | --- | --- | --- | --- | --- |
| Pinnacle Re-Tec | | | Professional Services | Unknown | about 20 hours ago |
| Southern design RV | | | Retail & E-Commerce | Unknown | about 22 hours ago |
| New FACOM Co., Ltd. | | | Manufacturing | Unknown | 10 days ago |
| SeeWriteHear | | | Technology | Unknown | 17 days ago |
| Lake Washington School District | | United States | Education | Unknown | 21 days ago |
| Lee Law Offices | | United States | Professional Services | Unknown | 22 days ago |
| Capital Family Physicians | | United States | Healthcare | Unknown | 23 days ago |
| Hospice Savannah | | United States | Healthcare | Unknown | 24 days ago |
| North Dallas Shared Ministries | | United States | Government & Defense | Unknown | 27 days ago |
| Stonehenge Therapeutic Community | | United States | Healthcare | Unknown | about 1 month ago |
| Holy Name of Jesus | | United States | Other | Unknown | about 1 month ago |
| Raise the Bottom | | United States | Healthcare | Unknown | about 1 month ago |
| WholeHealth Chicago | | United States | Healthcare | Unknown | about 1 month ago |
| Houston Eye Associates | | United States | Healthcare | Unknown | about 1 month ago |
| Goodstone Group | | | Hospitality | Unknown | about 1 month ago |
| Ira & Larry Goldberg Coins & Collectibles | | | Retail & E-Commerce | Unknown | about 1 month ago |
| Advanced Software Products Group | | | Technology | Unknown | about 1 month ago |
| PennEastern Architects | | United States | Professional Services | Unknown | about 1 month ago |
| Cytek Biosciences | | United States | Healthcare | Unknown | about 2 months ago |
| JG Stewart Construction | | | Other | Unknown | about 2 months ago |

Page 1 of 2

Affected countries (6)

Countries where this group has been reported to target or leak victims.