The Goodstone Group: Exclusive: Tassie hospitality group confirms CMD Organization ransomware attack

New Ransomware Group CMD Organization Targets Australian Hospitality Firm in Data Extortion Scheme

A recently emerged ransomware group, CMD Organization, has listed The Goodstone Group, a Tasmanian hospitality provider, as its first Australian victim on its dark web leak site. The hackers have published stolen documents including employee passport scans, a confidentiality agreement, and bank reconciliation details as proof of the breach, though the full extent of the compromised data remains undisclosed.

The stolen data is currently up for auction, with an asking price of 9 BTC (approximately $1 million). CMD Organization operates a bidding system, allowing the highest bidder to gain exclusive access to the stolen information before it is potentially resold or leaked.

The Goodstone Group confirmed the incident on April 18, 2026, stating it had taken immediate containment measures, engaged external cybersecurity experts, and notified the Australian Cyber Security Centre (ACSC) and the Tasmanian Government. While the company acknowledged that cybercriminals had exfiltrated data, its investigation into the breach’s scope is ongoing. Affected parties will be contacted directly as more details emerge.

CMD Organization, which surfaced in March 2026, markets itself as a "corporate security firm" specializing in vulnerability identification. However, cybersecurity firm Beazley Security suggests the group may rely on initial access brokers (IABs) and lacks mature operational tools. Unlike traditional ransomware gangs, CMD Organization introduces a public bidding model for stolen data, potentially increasing financial pressure on victims by driving up ransom demands.

The Goodstone Group operates nine hotels, five bottleshops, and a nightclub in Davenport and northern Tasmania, employing over 350 staff. This incident marks the group’s eighth claimed victim since its first leak site post on May 2, 2026.

Source: https://www.cyberdaily.au/security/13605-exclusive-tassie-hospitality-group-confirms-cmd-organization-ransomware-attack

Goodstone Inn & Restaurant cybersecurity rating report: https://www.rankiteo.com/company/goodstone-inn-&-restaurant

"id": "GOO1778826233",
"linkid": "goodstone-inn-&-restaurant",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Hospitality (Hotels, Bottleshops, '
                                    'Nightclub)',
                        'location': 'Davenport and northern Tasmania, '
                                    'Australia',
                        'name': 'The Goodstone Group',
                        'size': '350+ employees',
                        'type': 'Hospitality'}],
 'customer_advisories': 'Affected parties will be contacted directly',
 'data_breach': {'data_exfiltration': 'Yes',
                 'file_types_exposed': ['Passport scans',
                                        'Confidentiality agreement',
                                        'Bank reconciliation details'],
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personally identifiable '
                                             'information, financial '
                                             'documents'},
 'date_publicly_disclosed': '2026-04-18',
 'description': 'A recently emerged ransomware group, CMD Organization, has '
                'listed The Goodstone Group, a Tasmanian hospitality provider, '
                'as its first Australian victim on its dark web leak site. The '
                'hackers published stolen documents including employee '
                'passport scans, a confidentiality agreement, and bank '
                'reconciliation details as proof of the breach. The stolen '
                'data is up for auction with an asking price of 9 BTC '
                '(approximately $1 million).',
 'impact': {'data_compromised': 'Employee passport scans, confidentiality '
                                'agreement, bank reconciliation details',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (auction)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (data extortion)',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '9 BTC (~$1 million)'},
 'references': [{'source': 'Beazley Security'}],
 'regulatory_compliance': {'regulatory_notifications': 'Australian Cyber '
                                                       'Security Centre '
                                                       '(ACSC), Tasmanian '
                                                       'Government'},
 'response': {'communication_strategy': 'Affected parties to be contacted '
                                        'directly',
              'containment_measures': 'Immediate containment measures taken',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Australian Cyber Security Centre '
                                          '(ACSC), Tasmanian Government',
              'third_party_assistance': 'External cybersecurity experts'},
 'threat_actor': 'CMD Organization',
 'title': 'CMD Organization Ransomware Attack on The Goodstone Group',
 'type': 'Ransomware'}

The Goodstone Group: Exclusive: Tassie hospitality group confirms CMD Organization ransomware attack

Washoe County School District: Sorry, this feature isn't currently supported in your country

Weil Gotshal & Manges LLP: Healthcare AuthorityDeals & Corporate GovernanceDigital Health & TechnologyOtherPolicy & Compliance

Samba Team: Critical Samba Vulnerability Enables Remote Code Execution Attacks