The INC ransomware-as-a-service (RaaS) gang executed a cyberattack on **OnSolve’s CodeRED platform**, a critical emergency notification system used by **multiple U.S. state/local governments, police, and fire departments**. The attack disrupted **real-time alerts for emergencies**, compromising public safety communication channels. Authorities relying on CodeRED for **severe weather warnings, Amber Alerts, evacuation notices, and active threat notifications** faced delays or failures in disseminating time-sensitive information. While the full scope of data compromise remains undisclosed, the incident directly threatened **operational continuity of government services** and **emergency response coordination**, creating systemic vulnerabilities in public infrastructure. The attack’s ripple effect extended to **law enforcement and first responders**, hindering their ability to protect communities during crises. OnSolve, a subsidiary of Crisis24, provides risk management solutions, making this breach particularly damaging to **trust in governmental cybersecurity resilience**.
Source: https://www.scworld.com/brief/guilt-admitted-by-robbinhood-ransomware-attacker
TPRM report: https://www.rankiteo.com/company/emergency-communications-network-llc
"id": "eme1580215113025",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': ['multiple U.S. state/local '
'governments',
'police departments',
'fire departments'],
'industry': ['risk management',
'emergency notification services'],
'name': 'Crisis24 (OnSolve)',
'type': 'private company'},
{'customers_affected': ['residents relying on emergency '
'notifications'],
'industry': ['public administration',
'emergency services'],
'location': 'United States',
'name': ['multiple U.S. state governments',
'local governments'],
'type': 'government'},
{'customers_affected': ['residents and emergency '
'responders'],
'industry': 'public safety',
'location': 'United States',
'name': ['police departments', 'fire departments'],
'type': 'government agency'}],
'data_breach': {'data_encryption': ['likely (ransomware attack)']},
'date_detected': '2025-11-26',
'date_publicly_disclosed': '2025-11-26',
'description': 'Multiple U.S. state and local governments, as well as police '
'and fire departments, experienced disruptions in their '
'emergency notification systems due to a cyberattack on '
"Crisis24's OnSolve CodeRED platform. The INC "
'ransomware-as-a-service (RaaS) gang claimed responsibility '
'for the attack.',
'impact': {'brand_reputation_impact': ['potential loss of trust in '
'Crisis24/OnSolve services'],
'operational_impact': ['disruption of emergency notifications for '
'U.S. state/local governments, police, and '
'fire departments'],
'systems_affected': ['OnSolve CodeRED emergency notification '
'platform']},
'initial_access_broker': {'high_value_targets': ['emergency notification '
'systems']},
'investigation_status': 'ongoing (claimed by INC RaaS gang)',
'motivation': ['financial gain', 'disruption'],
'ransomware': {'data_encryption': ['likely'], 'ransomware_strain': 'INC RaaS'},
'references': [{'date_accessed': '2025-11-26', 'source': 'BleepingComputer'}],
'threat_actor': 'INC ransomware-as-a-service (RaaS) gang',
'title': 'Ransomware Attack on OnSolve CodeRED Emergency Notification '
'Platform Disrupts U.S. Government Services',
'type': ['cyberattack', 'ransomware', 'service disruption']}