The **INC ransomware-as-a-service (RaaS) gang** targeted **OnSolve’s CodeRED platform**, a critical emergency notification system used by **multiple U.S. state/local governments, police, and fire departments**. The cyberattack disrupted **real-time alerts for emergencies**, compromising public safety communication infrastructure. Authorities relying on CodeRED for **severe weather warnings, Amber Alerts, evacuation notices, and other life-saving notifications** faced **operational paralysis**, delaying response times and potentially endangering lives. The attack underscored vulnerabilities in **third-party risk management firms** whose platforms underpin government services. While the full scope of data exfiltration remains undisclosed, the **outage itself posed a direct threat to public safety systems**, aligning with high-severity cyber incidents targeting **critical infrastructure**. The incident also risks **erosion of public trust** in emergency response mechanisms, with potential long-term reputational and legal repercussions for OnSolve and its parent company, Crisis24.
Source: https://www.scworld.com/brief/kaiser-permanente-dismisses-cyberattack-after-widespread-outage
TPRM report: https://www.rankiteo.com/company/emergency-communications-network-llc
"id": "eme23102623112725",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': ['multiple U.S. state and local '
'governments',
'police departments',
'fire departments'],
'industry': 'emergency notification services',
'name': 'Crisis24 (parent company of OnSolve)',
'type': 'private sector (risk management firm)'},
{'customers_affected': ['users of CodeRED platform'],
'industry': 'emergency notification services',
'name': 'OnSolve (subsidiary of Crisis24)',
'type': 'private sector'}],
'data_breach': {'data_encryption': ['likely (ransomware attack)']},
'date_detected': '2025-11-26',
'date_publicly_disclosed': '2025-11-26',
'description': 'Multiple U.S. state and local governments, police, and fire '
'departments experienced disruptions in their emergency '
"notification systems due to a cyberattack on Crisis24's "
'OnSolve CodeRED platform. The attack was claimed by the INC '
'ransomware-as-a-service (RaaS) gang.',
'impact': {'brand_reputation_impact': ['potential loss of trust in '
'Crisis24/OnSolve services'],
'operational_impact': ['disruption of emergency notifications for '
'U.S. state/local governments, police, and '
'fire departments'],
'systems_affected': ['OnSolve CodeRED emergency notification '
'platform']},
'initial_access_broker': {'high_value_targets': ['emergency notification '
'systems']},
'investigation_status': ['ongoing (claimed by INC RaaS gang)'],
'motivation': ['financial gain', 'disruption'],
'ransomware': {'data_encryption': ['likely'], 'ransomware_strain': 'INC RaaS'},
'references': [{'date_accessed': '2025-11-26', 'source': 'BleepingComputer'}],
'threat_actor': 'INC ransomware-as-a-service (RaaS) gang',
'title': 'Cyberattack on OnSolve CodeRED Emergency Notification Platform by '
'INC Ransomware Gang',
'type': ['cyberattack', 'ransomware', 'service disruption']}