cmdorganization
Ransomware group profile
Description
CMD Organization is a new ransomware group that surfaced in May 2026, claiming to be an IT security firm while engaging in ransomware activities. Its auction-based extortion model, which seeks financial gain through public listings of stolen data, sets it apart from traditional groups.
Key insights
- Utilizes an auction-based extortion model to maximize ransom payments.
- Exploits vulnerabilities in public-facing applications for initial access.
- Focuses on data extraction from information repositories.
- Employs tactics like double extortion and public data leaks on dark web platforms.
- Operates using a combination of onion sites and clearnet domains.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for cmdorganization
- T1213: Data from Information Repositories
- T1071: Application Layer Protocol
- T1562: Impair Defenses
- T1059: Command and Scripting Interpreter
- T1486: Data Encrypted for Impact
- T1490: Inhibit System Recovery
- T1021: Remote Services
- T1190
- T1041
- T1037
- T1078: Valid Accounts
- T1547: Boot or Logon Autostart Execution
Victims (21)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| New FACOM Co., Ltd. | s-facom.jp | JP Japan | Manufacturing | Unknown | 8 days ago |
| SeeWriteHear | seewritehear.com | GB United Kingdom | Technology | Unknown | 16 days ago |
| Lake Washington School District | lwsd.wednet.edu | US United States | Education | Unknown | 19 days ago |
| Lee Law Offices | leelawoffices.org | US United States | Professional Services | Unknown | 20 days ago |
| Capital Family Physicians | capitalfamilymd.com | US United States | Healthcare | Unknown | 21 days ago |
| Hospice Savannah | hospicesavannah.org | US United States | Healthcare | Unknown | 22 days ago |
| North Dallas Shared Ministries | ndsm.org | US United States | Retail & E-Commerce | Unknown | 25 days ago |
| Stonehenge Therapeutic Community | stonehengetc.com | GB United Kingdom | Healthcare | Unknown | about 1 month ago |
| Holy Name of Jesus | theholynameofjesus.org | US United States | Other | Unknown | about 1 month ago |
| Raise the Bottom | raisethebottomidaho.com | US United States | Professional Services | Unknown | about 1 month ago |
| WholeHealth Chicago | wholehealthchicago.com | US United States | Healthcare | Unknown | about 1 month ago |
| Houston Eye Associates | houstoneye.com | US United States | Healthcare | Unknown | about 1 month ago |
| Goodstone Group | goodstone.com.au | AU Australia | Hospitality | Unknown | about 1 month ago |
| Ira & Larry Goldberg Coins & Collectibles | goldbergcoins.com | US United States | Retail & E-Commerce | Unknown | about 1 month ago |
| Advanced Software Products Group | aspg.com | US United States | Technology | Unknown | about 1 month ago |
| PennEastern Architects | penneastern.com | US United States | Professional Services | Unknown | about 1 month ago |
| Documents | — | — | — | Claimed | about 2 months ago |
| Document tree | — | — | — | Claimed | about 2 months ago |
| JG Stewart Construction | jgstewart.ca | CA Canada | Other | Unknown | about 2 months ago |
| Zampell | zampell.com | IT Italy | Energy & Utilities | Unknown | about 2 months ago |
Affected countries (6)
Countries where this group has been reported to target or leak victims.