The **INC ransomware-as-a-service gang** targeted **OnSolve’s CodeRED platform**, a critical emergency notification system used by **multiple U.S. state and local governments, police, and fire departments**. The cyberattack disrupted emergency alert capabilities, preventing timely dissemination of life-saving notifications during crises. Authorities relying on CodeRED for **public safety warnings, evacuation orders, and emergency response coordination** faced severe operational disruptions. The attack not only compromised the platform’s functionality but also exposed vulnerabilities in **government-dependent infrastructure**, raising concerns about the broader impact on **public safety and crisis management**. While the full extent of data exposure remains unclear, the incident underscores the **high-risk nature of ransomware targeting essential services**, where delays in emergency communications could have **direct consequences on human safety and critical response efforts**. The attack was publicly claimed by the threat actors, amplifying reputational and operational damage to OnSolve and its government clients.
TPRM report: https://www.rankiteo.com/company/emergency-communications-network-llc
"id": "eme39105839112725",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Multiple U.S. state and local '
'governments, police '
'departments, fire departments',
'industry': ['risk management',
'emergency notification services'],
'name': 'Crisis24 (parent company of OnSolve)',
'type': 'private sector'},
{'customers_affected': 'residents relying on emergency '
'notifications',
'industry': 'public administration',
'location': 'United States',
'name': 'U.S. state and local governments (multiple)',
'type': 'government'},
{'industry': 'public safety',
'location': 'United States',
'name': 'U.S. police departments (multiple)',
'type': 'law enforcement'},
{'industry': 'public safety',
'location': 'United States',
'name': 'U.S. fire departments (multiple)',
'type': 'emergency services'}],
'date_detected': '2025-11-26',
'date_publicly_disclosed': '2025-11-26',
'description': 'Multiple U.S. state and local governments, as well as police '
'and fire departments, experienced disruptions in their '
'emergency notification systems due to a cyberattack on '
"Crisis24's OnSolve CodeRED platform. The INC "
'ransomware-as-a-service (RaaS) gang claimed responsibility '
'for the attack.',
'impact': {'brand_reputation_impact': ['potential loss of trust in emergency '
'notification reliability'],
'operational_impact': 'Disruption of emergency notification '
'systems for U.S. state/local governments, '
'police, and fire departments',
'systems_affected': ['OnSolve CodeRED emergency notification '
'platform']},
'initial_access_broker': {'high_value_targets': ['emergency notification '
'systems']},
'investigation_status': 'ongoing (claimed by INC RaaS gang)',
'motivation': ['financial gain', 'disruption'],
'ransomware': {'ransomware_strain': 'INC RaaS'},
'references': [{'date_accessed': '2025-11-26', 'source': 'BleepingComputer'}],
'threat_actor': 'INC ransomware-as-a-service (RaaS) gang',
'title': "Ransomware Attack on Crisis24's OnSolve CodeRED Platform Disrupts "
'U.S. Emergency Notification Systems',
'type': ['cyberattack', 'ransomware', 'service disruption']}