The INC ransomware-as-a-service (RaaS) gang executed a cyberattack on **OnSolve’s CodeRED platform**, a critical emergency notification system used by **multiple U.S. state/local governments, police, and fire departments**. The attack disrupted **real-time alerts for emergencies**, crippling communication channels essential for public safety responses. Authorities relying on CodeRED for **severe weather warnings, Amber Alerts, evacuation notices, and active threat notifications** faced delays or complete failures in disseminating time-sensitive information. The incident exposed vulnerabilities in third-party risk management infrastructure, raising concerns about the **cascading impact on civic operations and emergency services**.The disruption affected **government services at municipal levels**, including coordination between law enforcement, fire departments, and disaster response teams. While no direct data breach of citizen records was confirmed, the **operational paralysis of a system tied to public safety** elevated the attack’s severity. The involvement of a **ransomware-as-a-service group (INC)** suggests potential demands for payment, though specifics on ransom negotiations or data exfiltration remain undisclosed. The attack underscores the **fragility of interconnected digital ecosystems** supporting critical infrastructure, with implications for **regional stability and trust in emergency response mechanisms**.
Source: https://www.scworld.com/brief/global-ransomware-victimization-remains-elevated
TPRM report: https://www.rankiteo.com/company/emergency-communications-network-llc
"id": "eme1154011120125",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': ['multiple U.S. state and local '
'governments',
'police departments',
'fire departments'],
'industry': ['risk management',
'emergency notification services'],
'name': 'Crisis24 (OnSolve)',
'type': 'private company'},
{'industry': ['emergency services',
'law enforcement',
'fire services'],
'location': 'United States',
'type': ['government', 'public safety']}],
'date_publicly_disclosed': '2025-11-26',
'description': 'A cyberattack by the INC ransomware-as-a-service gang '
"targeted Crisis24's OnSolve CodeRED platform, disrupting "
'emergency notification systems for multiple U.S. state and '
'local governments, as well as police and fire departments.',
'impact': {'operational_impact': ['disruption of emergency notifications for '
'U.S. state/local governments, police, and '
'fire departments'],
'systems_affected': ['OnSolve CodeRED emergency notification '
'platform']},
'ransomware': {'ransomware_strain': 'INC RaaS (Ransomware-as-a-Service)'},
'references': [{'date_accessed': '2025-11-26', 'source': 'BleepingComputer'}],
'threat_actor': 'INC ransomware-as-a-service gang',
'title': 'Ransomware Attack on OnSolve CodeRED Emergency Notification '
'Platform Disrupts U.S. Government and Public Safety Systems',
'type': ['cyberattack', 'ransomware', 'service disruption']}