A devastating ransomware attack has completely disrupted the OnSolve CodeRED emergency alert system, leaving millions of Americans without access to critical emergency notifications. The INC Ransom group has successfully targeted one of the nation’s most vital public safety infrastructure systems, creating a nationwide crisis that affects thousands of cities, counties, and law enforcement agencies.
Critical Infrastructure Under Siege
The sophisticated cyberattack began on November 1, 2025, when the INC Ransom group first gained access to OnSolve’s systems. The attackers spent over a week conducting reconnaissance and data exfiltration before deploying file-encrypting ransomware on November 10th. This calculated approach demonstrates the group’s advanced capabilities and strategic planning.
The OnSolve CodeRED platform serves as a critical communication backbone for emergency services across the United States. The system is designed to deliver fast, targeted alerts during severe weather events, evacuations, missing person cases, and other urgent public safety situations. With the platform now compromised, emergency responders have lost a vital tool for protecting communities.
Massive Data Breach Exposes Millions
The attack has resulted in one of the most significant data breaches affecting emergency services infrastructure. Stolen data includes:
- Full names and contact information
- Email addresses and phone numbers
- Physical addresses and location data
- User profile passwords stored in clear text
- Emergency contact preferences and settings
Perhaps most concerning is the discovery that OnSolve stored user passwords in clear text format, a fundamental security violation that has amplified the breach’s impact. This practice makes it trivial for attackers to access user accounts and potentially compromise other services where users have reused passwords.
The INC Ransom group initially demanded a ransom payment, with negotiations reportedly starting at $100,000 and increasing to $150,000 before being rejected. Following the failed negotiations, the attackers have begun selling the stolen data on dark web marketplaces.
Emergency Services Disrupted Nationwide
The attack’s impact spans multiple states, with confirmed disruptions reported in Massachusetts, Colorado, Texas, Florida, North Carolina, Ohio, Kansas, Georgia, California, Utah, Missouri, Montana, and New Mexico. Local government agencies have been forced to issue public warnings and seek alternative communication methods.
The types of emergency alerts affected include:
- Severe weather warnings and evacuation orders
- Fire and chemical spill notifications
- Missing person and AMBER alerts
- Active shooter and security threats
- Public health emergencies
It’s important to note that the national Emergency Alert System (EAS), managed by the federal government, remains unaffected. However, the CodeRED system provides more granular, localized alerts that are crucial for community-level emergency response.
Crisis24 Response and Recovery Efforts
Crisis24, the parent company of OnSolve, has taken the drastic step of completely decommissioning the compromised legacy platform. In a statement to SecurityWeek, the company confirmed that “data potentially associated with the legacy OnSolve CodeRED platform has been published online following a targeted attack by an organized cybercriminal group.”
The company is now accelerating the rollout of its new “CodeRED by Crisis24” platform and transferring all customers to this updated system. However, the migration process is complex and time-consuming, leaving many communities temporarily without emergency alert capabilities.
Several customers have already terminated their CodeRED contracts due to the security incident. Douglas County, Colorado, is among the jurisdictions that have canceled their agreements and are seeking alternative emergency notification systems.
Cybersecurity Implications and Lessons Learned
This incident highlights several cybersecurity challenges facing critical infrastructure providers:
Legacy System Vulnerabilities: The attack targeted OnSolve’s legacy platform, suggesting that older systems may lack modern security protections. Organizations must prioritize upgrading aging infrastructure to meet current security standards.
Password Security Failures: The storage of passwords in clear text represents a fundamental security failure that should never occur in modern systems. This practice violates basic cybersecurity principles and regulatory requirements.
Critical Infrastructure Targeting: Ransomware groups are increasingly targeting essential services that communities depend on for safety and security. This trend requires enhanced protection for public safety systems.
Third-Party Risk Management: Local governments and agencies must carefully evaluate the security practices of their technology vendors, especially those providing critical services.
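To make the password storage point concrete, the following added example (not code from OnSolve, Crisis24, or the original article) migrates clear-text password rows to salted, slow hashes and verifies logins against them. The PBKDF2-HMAC-SHA256 parameters, the record format, the field names, and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to your hardware)

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$derived_key."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords hash differently
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, key_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(key, bytes.fromhex(key_hex))
    except ValueError:
        return False  # malformed record, including a leftover clear-text value

def migrate_cleartext(users: list) -> list:
    """Replace each clear-text 'password' field with a 'password_hash' field."""
    migrated = []
    for user in users:
        record = {k: v for k, v in user.items() if k != "password"}
        record["password_hash"] = hash_password(user["password"])
        migrated.append(record)
    return migrated

# Constructed sample rows in the weak layout (not data from the incident).
LEGACY_USERS = [
    {"email": "resident1@example.org", "password": "Summer2025!"},
    {"email": "resident2@example.org", "password": "Summer2025!"},
]

if __name__ == "__main__":
    for row in migrate_cleartext(LEGACY_USERS):
        print(row["email"], row["password_hash"][:40] + "...")
```

Because the iteration count is stored in each record, the work factor can be raised later and older records re-hashed at the user's next successful login.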
The CodeRED incident serves as a stark reminder that cybersecurity is not just an IT issue but a public safety imperative. As communities work to restore their emergency notification capabilities, the focus must shift to building more resilient and secure systems that can withstand sophisticated cyber threats.
Citizens affected by this breach should immediately change any passwords that may have been reused from their CodeRED accounts and monitor their accounts for suspicious activity. The incident underscores the importance of using unique passwords for each online service and enabling two-factor authentication wherever possible.
TechTrib.com is a leading technology news platform providing comprehensive coverage and analysis of tech news, cybersecurity, artificial intelligence, and emerging technology. Visit techtrib.com.