Risk Management Company Crisis24 Confirms Cyberattack on OnSolve CodeRED Platform

A recent cyberattack on the OnSolve CodeRED platform, confirmed by risk management company Crisis24, has caused disruption to emergency notification systems used by state and local governments, police departments, and fire agencies across the United States. The CodeRED platform plays a crucial role in enabling these agencies to send alerts to residents during emergencies.

The cyberattack led Crisis24 to decommission the legacy CodeRED environment, resulting in widespread disruption for organizations relying on the platform for emergency notifications, weather alerts, and other critical warnings.

According to Crisis24’s statements and an FAQ shared with affected customers, the cyberattack was isolated to the CodeRED environment and did not impact any other systems. However, data was stolen during the attack, including names, addresses, email addresses, phone numbers, and passwords associated with CodeRED user profiles.

The stolen data has not been publicly disclosed, as confirmed by Crisis24. The City of University Park, Texas, issued a warning stating that while data was taken from the system, there is no evidence of it being posted online.

To address the damage caused by the attack, Crisis24 is rebuilding its service by restoring backups to a newly launched CodeRED system. However, due to the restoration from an earlier backup dated March 31, 2025, some accounts may be missing from the system.

Various counties, cities, and public safety agencies nationwide are actively working to restore their emergency alert systems for residents following the cyberattack.

INC Ransom Gang Takes Responsibility

While Crisis24 attributed the breach to an “organized cybercriminal group,” it has been revealed that the INC Ransomware gang claimed responsibility for the attack. The group created an entry on its Tor data leak site for OnSolve, showcasing screenshots of customer data, including email addresses and clear-text passwords.

See also  Ford's Financial Troubles: A Record Loss Since the Global Financial Crisis

The INC Ransom gang claims to have infiltrated OnSolve’s systems on November 1, 2025, and encrypted files on November 10. After failing to receive a ransom payment, they are allegedly selling the stolen data obtained during the attack.

Considering that the passwords shared in the screenshots are in plain text, customers are advised to reset any CodeRED passwords that were reused on other platforms.

INC Ransom is a ransomware-as-a-service (RaaS) operation that emerged in July 2023 and has targeted organizations worldwide, impacting sectors such as education, healthcare, government, and notable entities like Yamaha Motor Philippines, Scotland’s National Health Service (NHS), Ahold Delhaize, and Xerox Business Solutions (XBS).

It’s budget season! Over 300 CISOs and security leaders have shared insights on planning, spending, and priorities for the upcoming year. This report compiles their strategies, emerging trends, and priorities for 2026. Learn how leaders are translating investments into measurable impact.

Download the report now to benchmark your strategies.

Download Now