Ransomware Groups Cmdorg and TheGentlemen Allegedly Add New Victims Including Mount Royal University and MBT Energy — Dark Web recent claims + Video

Listen to this Post

Featured ImageIntroduction: A New Wave of Ransomware Claims Targets Education and Energy Sectors

Cybercriminal groups continue to expand their operations by targeting organizations across critical sectors, including universities, energy companies, healthcare providers, and businesses. Recent threat intelligence monitoring has highlighted alleged victim additions linked to the ransomware groups cmdorg and TheGentlemen, with claims involving Mount Royal University and MBT Energy.

The reports originate from cybersecurity monitoring activity shared by the ThreatMon Threat Intelligence Team, which tracks ransomware-related activity, dark web postings, and indicators connected to cybercrime operations. At this stage, the claims remain unverified, and no public confirmation has been provided by the organizations reportedly affected.

the Original Report

Threat Intelligence Team Detects New Ransomware Activity

According to a threat intelligence update, researchers monitoring dark web ransomware activity identified two alleged new victims connected to separate ransomware groups. The activity was attributed to the groups known as cmdorg and TheGentlemen.

Cmdorg Allegedly Lists Mount Royal University as a Victim

The ransomware group cmdorg reportedly added Mount Royal University to its victim list on July 7, 2026. The claim was detected through threat monitoring activity focused on ransomware leak sites and underground cybercrime channels.

Mount Royal University is a higher education institution based in Calgary, Canada, serving thousands of students and staff members. Universities are frequently targeted by ransomware operators because they maintain large amounts of valuable data, including personal information, research files, administrative records, and financial systems.

TheGentlemen Allegedly Targets MBT Energy

A separate report indicated that the ransomware group TheGentlemen allegedly added MBT Energy as another victim. The company operates within the energy sector, making it a potentially attractive target due to the importance of energy-related organizations and their operational data.

Energy companies remain among the most targeted industries globally because disruptions can create significant operational pressure and increase the likelihood of ransom negotiations.

No Official Confirmation Has Been Released

At the time of reporting, neither Mount Royal University nor MBT Energy has publicly confirmed experiencing a ransomware incident. Threat actor claims should always be treated carefully because ransomware groups sometimes publish exaggerated, misleading, or false victim announcements to increase pressure on organizations.

Cybersecurity researchers typically require additional evidence, such as leaked files, internal documents, or official statements, before confirming an incident.

Deep Analysis: Ransomware Threat Landscape and What These Claims Reveal

The Growing Strategy Behind Ransomware Victim Lists

Ransomware groups increasingly use public victim announcements as a psychological weapon. By publishing names on underground leak platforms, attackers attempt to pressure organizations into negotiating while damaging their reputation.

Even before confirming whether data was stolen, the appearance of an organization’s name on a ransomware site can trigger concern among customers, employees, and partners.

Universities Remain High-Value Cyber Targets

Educational institutions have become frequent ransomware targets because they combine valuable information with complex technology environments.

Universities often operate thousands of user accounts, outdated systems, research databases, cloud platforms, and interconnected networks. This creates multiple opportunities for attackers to gain access.

Why Attackers Target Research and Student Data

Academic organizations store sensitive information, including student records, employee information, financial details, and research materials.

Threat actors understand that stolen academic data can be valuable for identity fraud, espionage, or further cyberattacks.

Energy Companies Face Strategic Cyber Risks

The alleged targeting of MBT Energy highlights continued ransomware interest in the energy sector.

Energy organizations are considered strategically important because downtime can affect operations, customers, suppliers, and public confidence.

Ransomware Groups Use Reputation-Based Pressure

Modern ransomware operations are not only focused on encryption. Many groups now rely heavily on double extortion methods.

Attackers threaten to publish stolen information if victims refuse payment, creating additional pressure beyond system disruption.

The Importance of Threat Intelligence Monitoring

Organizations increasingly rely on threat intelligence platforms to detect early warnings about possible attacks.

Monitoring dark web sources can help security teams identify leaked credentials, ransomware claims, and emerging threats before they become larger incidents.

Cmdorg Activity Requires Further Investigation

The alleged cmdorg claim involving Mount Royal University requires additional verification.

Security researchers should examine whether the group provides proof of access, stolen samples, or other evidence supporting the allegation.

TheGentlemen Continues the Pattern of Extortion Attacks

The alleged MBT Energy claim follows a broader ransomware trend where groups target organizations that may face operational pressure.

Attackers often select victims where downtime or data exposure could create financial and reputational consequences.

False Claims Remain a Challenge

Not every ransomware announcement represents a successful breach.

Some ransomware groups publish fake victim lists, recycled information, or exaggerated claims to maintain visibility and reputation within cybercriminal communities.

Organizations Must Prepare Before Attacks Occur

Strong cybersecurity preparation remains essential regardless of whether a specific claim is confirmed.

Organizations should maintain offline backups, enforce multi-factor authentication, monitor privileged accounts, and regularly test incident response plans.

Ransomware Defense Requires Multiple Security Layers

No single security tool can fully prevent ransomware.

Effective defense requires endpoint protection, network monitoring, employee awareness training, vulnerability management, and rapid response capabilities.

The Future of Ransomware Will Continue to Evolve

Cybercriminal groups continue adapting their techniques, using automation, stolen credentials, and advanced social engineering methods.

The ransomware ecosystem is expected to remain active as attackers search for organizations with valuable data and weak defenses.

What Undercode Say:

Ransomware Claims Must Be Treated as Early Warning Signals

The alleged additions of Mount Royal University and MBT Energy show how ransomware groups continue using public claims as part of their attack strategy.

Dark Web Monitoring Has Become a Critical Security Tool

Threat intelligence monitoring provides organizations with valuable visibility into underground activities before incidents become widely known.

Education Sector Security Needs Greater Investment

Universities remain attractive targets because of their large digital environments and valuable information assets.

Energy Sector Attacks Create Wider Concerns

Cyberattacks against energy-related companies can have consequences beyond the organization itself because these companies support essential services.

Victim Announcements Are Designed for Maximum Pressure

Ransomware groups use public exposure as a negotiation tactic, hoping organizations will pay quickly to avoid reputational damage.

Verification Remains Essential

Security researchers and media organizations should avoid treating ransomware claims as confirmed breaches without supporting evidence.

Data Theft Is Often More Dangerous Than Encryption

Modern ransomware campaigns increasingly focus on stealing information because leaked data can create long-term consequences.

Attackers Continue Exploiting Human Weaknesses

Many ransomware incidents begin with phishing, stolen passwords, or compromised accounts rather than advanced technical exploits.

Organizations Should Assume They Are Potential Targets

Small and large organizations alike are now targeted because ransomware groups automate victim discovery.

Backup Strategies Remain Fundamental

Reliable backups can reduce the impact of ransomware attacks and limit attackers’ ability to force payment.

Multi-Factor Authentication Reduces Risk

Strong authentication controls remain one of the most effective defenses against account compromise.

Cybersecurity Awareness Is a Continuous Process

Employees must regularly receive training because attackers constantly change their social engineering methods.

Ransomware Groups Compete for Reputation

Cybercriminal groups often publicize attacks to prove their capability and attract attention from potential affiliates.

Leak Sites Have Become Marketing Platforms

Many ransomware operations use public websites as a way to advertise their activity and pressure victims.

Threat Intelligence Helps Organizations React Faster

Early detection can provide security teams with valuable time to investigate and contain threats.

Critical Industries Need Stronger Protection

Education and energy organizations should continue improving cybersecurity investment due to their strategic importance.

Ransomware Will Likely Remain a Major Threat

Despite law enforcement actions, ransomware ecosystems continue rebuilding and adapting.

Organizations Should Focus on Resilience

Preventing every attack is difficult, but reducing damage through preparation is achievable.

Public Claims Should Encourage Investigation

Even unconfirmed ransomware allegations should trigger internal security reviews.

The Cybersecurity Community Must Continue Sharing Intelligence

Collaboration between researchers, companies, and governments remains essential for reducing ransomware impact.

✅ Confirmed: Threat monitoring reports identified alleged ransomware victim listings connected to cmdorg and TheGentlemen.
❌ Not Confirmed: There is currently no public verification proving Mount Royal University or MBT Energy suffered a ransomware breach.
✅ Accurate Context: Ransomware groups frequently publish unverified claims as part of extortion campaigns and reputation-building efforts.

Prediction

(-1) Ransomware Activity Against Strategic Organizations Will Continue Increasing

Ransomware groups are expected to keep targeting universities, energy companies, and other organizations holding valuable information. The combination of financial motivation, data theft opportunities, and operational disruption makes these sectors attractive targets.

(-1) False and Unverified Claims Will Remain Common

As ransomware groups compete for attention, fake or exaggerated victim announcements are likely to continue appearing on underground platforms.

(+1) Threat Intelligence Adoption Will Improve Detection

More organizations are expected to invest in dark web monitoring and threat intelligence solutions, allowing them to discover potential threats earlier.

(+1) Stronger Security Practices Will Reduce Attack Impact

Organizations that improve authentication, backups, employee training, and incident response planning will be better positioned to limit ransomware damage.

▶️ Related Video (66% Match):

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: x.com
Extra Source Hub (Possible Sources for article):
https://www.quora.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube