Summary Points
- Crisis24’s OnSolve CodeRED platform, used by U.S. emergency agencies, was targeted by a cyberattack, causing system disruptions and forcing the decommissioning of the legacy environment.
- Data including names, addresses, emails, phone numbers, and passwords was stolen during the attack, although no evidence suggests the data has been publicly released.
- The INC Ransomware gang has claimed responsibility, leaking customer data and screenshots, with the group allegedly breaching OnSolve’s systems to encrypt files and sell stolen information.
- Crisis24 is rebuilding its system from backups dated March 31, 2025, while customers are advised to reset passwords, especially since clear-text passwords were compromised.
Underlying Problem
In late 2025, a significant cyberattack targeted Crisis24’s OnSolve CodeRED platform, which U.S. government agencies, police, and fire departments rely on for emergency notifications. The attack, reportedly carried out by the INC Ransomware gang, resulted in system downtime and the theft of sensitive data, including names, addresses, emails, phone numbers, and passwords of platform users. Crisis24 says the breach was confined to the CodeRED environment and did not affect its other systems, and it stated that the stolen data has not yet been publicly released. The cybercriminal group announced on its Tor leak site that it gained access on November 1, encrypted files on November 10, and is now selling the stolen information after allegedly failing to receive a ransom.
The attack was an organized cybercriminal operation, and it caused widespread disruption among counties, cities, and safety agencies dependent on CodeRED. Crisis24 is restoring its services from an earlier backup, dated March 31, 2025, meaning some accounts may be missing. Meanwhile, the INC Ransom gang, which launched in July 2023, has targeted various sectors worldwide and is now distributing the stolen data. Users are advised to reset their passwords, especially those reused across different sites. BleepingComputer and the City of University Park, Texas, have confirmed these details, highlighting the attack’s broad implications and ongoing recovery efforts.
Risk Summary
The recent OnSolve CodeRED cyberattack highlights a serious risk that can impact any business, regardless of size or industry. When such an attack occurs, it disrupts emergency alert systems, which are crucial for rapid communication during crises. As a result, your business could face delays in receiving or sending vital alerts, leaving employees and customers uninformed and vulnerable. This interruption can lead to operational chaos, damage to reputation, and even legal liabilities if emergencies escalate without proper notifications. Moreover, the attack exposes sensitive data, risking privacy breaches and financial loss. Therefore, just like with critical public systems, your business’s safety and stability depend on robust cybersecurity measures to prevent similar disruptions.
Fix & Mitigation
A prompt response to incidents like the OnSolve CodeRED cyberattack, which disrupted emergency alert systems nationwide, is crucial to minimize harm, restore trust, and ensure public safety.
Assessment and Identification
- Conduct immediate incident analysis to determine scope and impact
- Identify vulnerable systems and entry points
Containment and Isolation
- Segregate affected systems from the network
- Disable compromised accounts and access credentials
Eradication Efforts
- Remove malicious code or malware
- Apply patches and updates to affected software and firmware
Recovery Measures
- Restore systems from secure backups
- Validate system integrity before bringing back online
Communication and Notification
- Inform stakeholders, emergency responders, and the public about the incident and ongoing efforts
- Coordinate with authorities and cybersecurity agencies
Strengthening Defenses
- Review and enhance cybersecurity policies and controls
- Implement advanced threat detection and intrusion prevention solutions
Post-Incident Review
- Conduct a thorough investigation to understand root causes
- Document lessons learned and update incident response plans accordingly
