Sign in Subscribe

Hack of OnSolve CodeRED Platform Disrupts Emergency Alert Systems

Hack of OnSolve CodeRED Platform Disrupts Emergency Alert Systems

The ransomware group INC claimed responsibility for hacking the OnSolve CodeRED platform, which US government and municipal services use to send emergency notifications to residents. The attack disrupted emergency alert systems across the country and resulted in a leak of users' personal data.

The CodeRED platform by Crisis24 serves state and county government agencies, police departments, fire departments, and other emergency services for distributing notifications about floods, gas leaks, fires, missing persons, and similar emergencies.

Crisis24 representatives confirmed to media outlets that hackers both disrupted system operations and stole CodeRED user data. The compromised information includes names, addresses, email addresses, phone numbers, and account passwords.

The company stated the attack affected only an outdated version of the CodeRED platform and did not spread to other systems.

System Recovery and Data Loss

The infrastructure damage forced Crisis24 specialists to completely decommission the compromised CodeRED version and restore service from backups onto the new CodeRED by Crisis24 platform. However, the backups dated from March 31, 2025, meaning some accounts are missing from the restored system.

Counties, cities, and public safety services across the country reported disruptions and are working to restore emergency notification capabilities for residents. Some customers are attempting to terminate their CodeRED contracts due to the cyberattack's consequences.

Attacker Claims and Ransom Demands

While Crisis24 vaguely referred to the attackers as an "organized cybercriminal group" in its statements, BleepingComputer reports that the RaaS group INC claimed responsibility for the attack. The hackers published screenshots of Crisis24 client data on their darknet site, including email addresses and plaintext passwords.

Per the threat actors, they infiltrated OnSolve's systems on November 1, 2025, and encrypted all files on November 10. The group claims the vendor was prepared to pay a $100,000 ransom, but negotiations failed. INC is now offering the stolen data for sale.

Security Recommendations

Due to the data leak, CodeRED users should immediately change passwords on all websites where they may have reused their CodeRED credentials.