Cybercriminals give Mount Royal University one week to pay ransom

A cybercriminal group called CMD Organization today took credit for a June 2026 cyber attack on Mount Royal University in Calgary, Alberta.

MRU on June 17 announced a cyber incident affected its systems, including payroll and student accommodation registration. The system disruptions are still ongoing as of time of writing.

CMD Organization today claimed responsibility for the breach on its data leak website. CMD says it stole 10 TB of data from MRU and is demanding a $1.9 million ransom within one week. To prove its claim, CMD posted sample images of what it says are documents stolen from MRU.

CMD Organization lists Mount Royal University on its data leak site.
CMD Organization lists Mount Royal University on its data leak site.

MRU has not acknowledged CMD’s claim and Comparitech cannot independently verify its authenticity. We do not know what data was compromised, how attackers breached MRU’s network, or if MRU did or will pay a ransom. Comparitech contacted MRU for comment and will update this article if it replies.

“On Wednesday, June 17, the University advised the community that it was experiencing technical disruptions affecting certain systems. We can now confirm that those disruptions are the result of a cyber incident,” says the school’s June 18 emergency update.

“The investigation is still in its early stages. At this time, we have not determined whether any personal information or other data was accessed or taken.”

Who is CMD Organization?

CMD Organization is a new cybercriminal group that started listing victims on its data leak website in May 2026. It operates a ransomware-as-a-service scheme in which affiliates pay to use CMD’s malware and infrastructure to launch attacks and collect ransoms. Most ransomware groups negotiate with victims directly, but CMD is known to auction off stolen data to the highest bidder.

CMD has claimed responsibility for 32 ransomware attacks since it began. Of those, four were confirmed by the organizations it targeted. Its average ransom demand is $580,000.

The group’s other confirmed attacks hit:

  • Shin FA-COM in Japan
  • Goodstone Group in Australia
  • Lorenskog Municipality in Norway

Lorenskog officials said attackers broke into their systems after an employee downloaded a malware-infected file from a website. The attackers spent two weeks mapping the city’s network before deploying the ransomware.

Ransomware attacks on education

Comparitech researchers have logged 35 confirmed ransomware attacks on schools, universities, and other educational institutions worldwide in 2026 to date.

These other schools recently confirmed ransomware attacks:

  • Evanston Township High School District 202 (IL)
  • Reynella East College (Australia)
  • Kozminski University (Poland)
  • Musashino University (Japan)

We’re monitoring 74 more unconfirmed attack claims made in 2026 to date.

Ransomware attacks on schools can both steal data and disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Schools that refuse to pay can face extended downtime, permanent data loss, and putting students and faculty at increased risk of fraud.

About Mount Royal University

MRU is a public university in Calgary, Alberta, Canada. It enrolls roughly 12,000 students per semester and employs 740 faculty.