The INC ransomware-as-a-service (RaaS) gang executed a cyberattack on **OnSolve’s CodeRED platform**, a critical emergency notification system used by **multiple U.S. state/local governments, police, and fire departments**. The attack disrupted emergency alerts, compromising public safety communications during crises. Authorities relying on CodeRED for real-time warnings (e.g., severe weather, active threats, or evacuation orders) faced delays or failures in disseminating life-saving information. The incident highlights vulnerabilities in third-party risk management infrastructure, where a single breach cascaded into systemic failures across dependent agencies. While no direct data theft was confirmed, the operational outage posed **immediate risks to public safety**, undermining trust in emergency response systems. The attack’s timing and target suggest a deliberate attempt to exploit high-impact infrastructure, aligning with ransomware groups’ growing focus on **critical public services** to maximize pressure for ransom payments.
Source: https://www.scworld.com/brief/salvation-army-purportedly-subjected-to-chaos-ransomware-attack
TPRM report: https://www.rankiteo.com/company/emergency-communications-network-llc
"id": "eme22102822112725",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': ['multiple U.S. state/local '
'governments',
'police departments',
'fire departments'],
'industry': ['risk management',
'emergency notification services'],
'name': 'Crisis24 (OnSolve)',
'type': 'private company'},
{'customers_affected': ['residents relying on emergency '
'notifications'],
'industry': ['emergency services', 'public safety'],
'location': 'United States',
'type': ['government', 'public sector']}],
'date_detected': '2025-11-26',
'date_publicly_disclosed': '2025-11-26',
'description': 'Multiple U.S. state and local governments, as well as police '
'and fire departments, experienced disruptions to their '
'emergency notification systems due to a cyberattack on '
"Crisis24's OnSolve CodeRED platform. The INC "
'ransomware-as-a-service (RaaS) gang claimed responsibility '
'for the attack.',
'impact': {'brand_reputation_impact': ['potential loss of trust in emergency '
'notification reliability'],
'operational_impact': ['disruption of emergency notification '
'services for U.S. state/local governments, '
'police, and fire departments'],
'systems_affected': ['OnSolve CodeRED emergency notification '
'platform']},
'initial_access_broker': {'high_value_targets': ['emergency notification '
'systems']},
'investigation_status': 'ongoing (claimed by INC RaaS gang)',
'motivation': ['financial gain', 'disruption'],
'ransomware': {'ransomware_strain': 'INC RaaS'},
'references': [{'date_accessed': '2025-11-26', 'source': 'BleepingComputer'}],
'threat_actor': 'INC ransomware-as-a-service (RaaS) gang',
'title': 'Ransomware Attack on OnSolve CodeRED Emergency Notification '
'Platform Disrupts U.S. Government Services',
'type': ['cyberattack', 'ransomware', 'service disruption']}