Quick Takeaways
- OnSolve’s emergency notification system, CodeRED, was permanently shut down following a targeted ransomware attack that compromised user data.
- The attack, attributed to the INC ransomware group, resulted in theft and leakage of personally identifiable information of users, prompting breach notifications.
- Crisis24 is replacing the legacy system with a new, secure platform and has conducted security audits and third-party penetration tests to contain the damage.
- The company has notified law enforcement, is investigating the incident, and emphasizes ongoing commitment to uninterrupted alerting and public notification services.
The Issue
Recently, OnSolve CodeRED, an emergency notification system used by law enforcement and municipalities nationwide, was permanently shut down after a targeted ransomware attack. The company, Crisis24, confirmed that the cyberattack compromised the environment where the platform operated, stealing personal data such as names, addresses, emails, and passwords from numerous agencies’ users. As a result, many agencies, including the Douglas County Sheriff’s Office in Colorado, severed their ties with the system to prevent further damage. The cybercriminal group known as INC ransomware claimed responsibility for the breach, which prompted Crisis24 to notify law enforcement and initiate a security audit.
The incident happened because organized cybercriminals targeted the platform, exploiting vulnerabilities in the legacy system. Although Crisis24 reassured customers that the new platform, which is being rapidly deployed, remains secure, this episode underscores the ongoing threat cyberattacks pose to critical public safety infrastructure. Moreover, while the local agencies faced immediate disruptions, the national Emergency Alert System was unaffected, demonstrating some resilience in the broader emergency notification landscape. The company continues to investigate the attack and is committed to supporting affected users, yet the breach highlights the persistent risks of cyber threats in the digital age.
What’s at Stake?
The recent shutdown of Crisis24’s emergency notification system following a ransomware attack highlights a serious risk that could easily affect any business. Such attacks can cripple communication channels during critical moments, leaving companies unable to notify employees or partners about urgent issues. As a result, response times slow down, and decision-making becomes delayed, which can escalate crises. Moreover, the loss of reliable alerts increases the likelihood of confusion, mistakes, and even safety hazards. Consequently, businesses not prepared for cyber threats risk operational disruption, reputational damage, and financial loss. Therefore, investing in robust cybersecurity and backup communication systems is essential—no business is immune to this threat.
Fix & Mitigation
Prompted by the critical nature of cybersecurity resilience, timely remediation in the wake of a crisis such as Crisis24’s shutdown of its emergency notification system due to ransomware attack is essential to minimize impact, restore trust, and maintain operational integrity. Swift identification and response are vital to prevent further data compromise, operational delays, and loss of stakeholder confidence.
Mitigation Steps
- Isolate affected systems
- Disable compromised accounts
- Conduct initial forensic analysis
Remediation Steps
- Eradicate malware and unauthorized access
- Apply security patches and updates
- Restore systems from secure backups
- Implement enhanced security controls
- Communicate transparently with stakeholders
- Review and strengthen incident response procedures
Explore More Security Insights
Explore career growth and education via Careers & Learning, or dive into Compliance essentials.
Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
