OnSolve (Crisis24)

OnSolve, the provider of the **CodeRED** mass-notification platform (used by governments, police, and emergency services), suffered a **ransomware attack by INC Ransom**, forcing it to decommission its legacy **CodeRED** environment and migrate to a newer version. The attack resulted in the **permanent loss of recent customer accounts and data** due to outdated backups (over six months old). Sensitive user data—including **names, addresses, emails, phone numbers, and passwords**—was exfiltrated, with high risk of leakage. The **Douglas County Sheriff’s Office and 911 Board terminated their contract with CodeRED**, citing **citizen privacy concerns**. The FBI was notified, and users were urged to change passwords across other platforms to mitigate risks. The attack disrupted critical emergency communication services, exposing vulnerabilities in public safety infrastructure.

Source: https://www.techradar.com/pro/security/emergency-alert-systems-across-us-disrupted-following-onsolve-codered-cyberattack

Emergency Communications Network cybersecurity rating report: https://www.rankiteo.com/company/emergency-communications-network-llc

"id": "EME1392513112625",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': True,
                        'industry': ['critical-event management',
                                     'mass notification',
                                     'emergency services'],
                        'name': 'OnSolve (Crisis24)',
                        'type': 'private company'},
                       {'customers_affected': True,
                        'industry': 'law enforcement',
                        'location': 'Douglas County, USA',
                        'name': 'Douglas County Sheriff’s Office',
                        'type': 'government agency'},
                       {'customers_affected': True,
                        'industry': 'emergency services',
                        'location': 'Douglas County, USA',
                        'name': 'Douglas County 911 Board',
                        'type': 'government agency'}],
 'customer_advisories': ['termination of service by Douglas County entities '
                         'due to privacy concerns'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (PII, credentials)',
                 'type_of_data_compromised': ['contact information (name, '
                                              'address, email, phone)',
                                              'passwords',
                                              'user profiles']},
 'description': 'OnSolve, a cloud-based critical-event and mass-notification '
                'platform, suffered a highly disruptive cyberattack that '
                'forced it to sunset its legacy CodeRED environment and move '
                'to a new version. The attack, claimed by INC Ransom, resulted '
                'in the loss of sensitive data, recent accounts, and a '
                'business customer (Douglas County Sheriff’s Office and 911 '
                'Board). Crisis24 (parent company) had to rebuild from '
                'outdated backups (>6 months old), leading to permanent data '
                'loss. The compromised dataset may include user contact '
                'information (name, address, email, phone numbers, passwords). '
                'The FBI was notified, and INC Ransom posted screenshots of '
                'customer data on its Tor leak site.',
 'impact': {'brand_reputation_impact': True,
            'customer_complaints': True,
            'data_compromised': ['user contact information (name, address, '
                                 'email, phone numbers)',
                                 'passwords',
                                 'sensitive organizational data'],
            'downtime': True,
            'identity_theft_risk': True,
            'operational_impact': ['service rebuild from outdated backups (>6 '
                                   'months old)',
                                   'permanent loss of recent accounts/data',
                                   'customer (Douglas County) termination'],
            'systems_affected': ['legacy CodeRED platform']},
 'initial_access_broker': {'high_value_targets': ['legacy CodeRED user data']},
 'investigation_status': 'ongoing (FBI notified)',
 'motivation': ['financial gain', 'data theft'],
 'post_incident_analysis': {'corrective_actions': ['platform migration',
                                                   'customer data protection '
                                                   'review'],
                            'root_causes': ['legacy system vulnerabilities',
                                            'outdated backups']},
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'INC Ransom'},
 'recommendations': ['avoid password reuse across accounts',
                     'regular backup testing',
                     'modernize legacy systems'],
 'references': [{'source': 'TechRadar'}, {'source': 'BleepingComputer'}],
 'regulatory_compliance': {'regulatory_notifications': ['FBI']},
 'response': {'communication_strategy': ['customer notification',
                                         'password reset advisory'],
              'containment_measures': ['sunsetting legacy CodeRED platform',
                                       'migration to new version'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': ['FBI'],
              'remediation_measures': ['rebuilding from outdated backups']},
 'stakeholder_advisories': ['password reset advisory for users'],
 'threat_actor': 'INC Ransom',
 'title': 'OnSolve’s legacy CodeRED platform hit by cyberattack claimed by INC '
          'Ransom',
 'type': ['cyberattack', 'ransomware', 'data breach']}