The INC ransomware-as-a-service (RaaS) gang executed a cyberattack on **OnSolve’s CodeRED platform**, a critical emergency notification system used by **multiple U.S. state and local governments, police, and fire departments**. The disruption compromised the ability of these agencies to issue timely alerts during emergencies, potentially delaying response times for public safety incidents, natural disasters, or law enforcement operations. The attack directly targeted a **risk management firm (Crisis24)** responsible for maintaining the platform, exposing vulnerabilities in third-party infrastructure relied upon by governmental and emergency services.Given the platform’s role in coordinating **vital public safety communications**, the outage posed risks to community resilience, particularly in scenarios requiring rapid dissemination of warnings (e.g., severe weather, active threats, or evacuation orders). While the article does not confirm data exfiltration, the **operational paralysis of emergency systems** aligns with high-stakes cyber disruptions that undermine trust in critical infrastructure. The involvement of a **ransomware gang** further suggests potential demands for payment, though the primary impact stems from the **systemic failure of a service essential to public welfare and regional stability**.
Source: https://www.scworld.com/brief/nearly-280k-impacted-by-nova-scotia-power-ransomware-hack
TPRM report: https://www.rankiteo.com/company/emergency-communications-network-llc
"id": "eme2962429112725",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': ['U.S. state governments',
'local governments',
'police departments',
'fire departments'],
'industry': ['risk management',
'emergency notification services'],
'name': 'Crisis24 (OnSolve)',
'type': 'private company'},
{'customers_affected': ['residents relying on emergency '
'notifications'],
'industry': ['public administration',
'emergency services'],
'location': 'United States',
'name': ['Multiple U.S. state governments',
'local governments',
'police departments',
'fire departments'],
'type': ['government', 'public safety']}],
'date_detected': '2025-11-26',
'date_publicly_disclosed': '2025-11-26',
'description': 'Multiple U.S. state and local governments, as well as police '
'and fire departments, experienced disruptions in their '
'emergency notification systems due to a cyberattack on '
"Crisis24's OnSolve CodeRED platform. The INC "
'ransomware-as-a-service (RaaS) gang claimed responsibility '
'for the attack.',
'impact': {'brand_reputation_impact': ['potential loss of trust in emergency '
'notification systems'],
'operational_impact': ['disruption of emergency notifications for '
'U.S. state/local governments, police, and '
'fire departments'],
'systems_affected': ['OnSolve CodeRED emergency notification '
'platform']},
'initial_access_broker': {'high_value_targets': ['emergency notification '
'systems']},
'investigation_status': 'ongoing (claimed by INC RaaS gang)',
'motivation': ['financial gain', 'disruption'],
'ransomware': {'ransomware_strain': 'INC RaaS'},
'references': [{'date_accessed': '2025-11-26', 'source': 'BleepingComputer'}],
'threat_actor': 'INC ransomware-as-a-service (RaaS) gang',
'title': "Ransomware Attack on Crisis24's OnSolve CodeRED Platform Disrupts "
'U.S. Emergency Notification Systems',
'type': ['cyberattack', 'ransomware', 'service disruption']}