CMD Organization – New Ransomware Operator Moves to Place Public Bidding Wars on Ransomed Data

Beazley Security responded to a new ransomware group, CMD Organization, which began posting victims in early April 2026 after first surfacing in late March. The group combines data theft and encryption with a leak-site bidding platform that lets buyers compete for stolen data before it is publicly released. #CMDOrganization #BeazleySecurity #StealC

Key points

  • CMD Organization is a newly emerged ransomware group with early activity traced to late March 2026.
  • The group uses a public leak site with a crypto bidding panel to monetize stolen data.
  • Incident responders observed long dwell time, suggesting possible use of initial access brokers.
  • The attack began with an SEO-poisoned Bing lure that delivered a malicious JavaScript loader and PowerShell payload.
  • CMD Organization used a limited-feature locker, backdoor persistence, and GPO/SYSVOL to spread encryption across the victim network.

Read More: https://labs.beazley.security/articles/cmd-organization-new-ransomware-operator-moves-to-place-public-bidding-wars-on-ransomed-data