OnSolve (CodeRED by Crisis24)

A ransomware attack by the **Inc Ransom** group targeted OnSolve’s **CodeRED** emergency alert system, a third-party platform used by US cities, counties, and law enforcement for critical public safety notifications (e.g., floods, fires, chemical spills, bomb threats). The attack disrupted emergency alert capabilities across multiple states, including Massachusetts, Colorado, Texas, and Florida, leaving agencies unable to send time-sensitive warnings. Cybercriminals exfiltrated user data—names, emails, physical addresses, phone numbers, and legacy platform passwords—before encrypting files. While some stolen data was later published for sale, negotiations failed after OnSolve offered only **$100,000** in ransom. The incident prompted contract cancellations and migrations to a new CodeRED platform, as the legacy system was discontinued. The outage posed risks to public safety communication, though the national **Emergency Alert System (EAS)** remained unaffected.

Source: https://www.securityweek.com/ransomware-attack-disrupts-local-emergency-alert-system-across-us/

Emergency Communications Network cybersecurity rating report: https://www.rankiteo.com/company/emergency-communications-network-llc

"id": "EME5640356112625",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Local governments and law '
                                              'enforcement agencies in at '
                                              'least 14 U.S. states '
                                              '(Massachusetts, Colorado, '
                                              'Texas, Florida, North Carolina, '
                                              'Ohio, Kansas, Georgia, '
                                              'California, Utah, Missouri, '
                                              'Montana, New Mexico, and '
                                              'others)',
                        'industry': 'emergency notification services',
                        'location': 'United States',
                        'name': 'OnSolve (Crisis24)',
                        'type': 'private company'},
                       {'customers_affected': 'Residents relying on CodeRED '
                                              'alerts for emergency '
                                              'notifications',
                        'industry': 'public sector',
                        'location': 'United States (14+ states)',
                        'name': 'Local government agencies (multiple)',
                        'type': ['cities', 'counties', 'law enforcement']}],
 'data_breach': {'data_encryption': 'Yes (ransomware deployed on November 10)',
                 'data_exfiltration': 'Confirmed; some files published online '
                                      'and offered for sale',
                 'personally_identifiable_information': ['names',
                                                         'email addresses',
                                                         'physical addresses',
                                                         'phone numbers',
                                                         'passwords'],
                 'sensitivity_of_data': 'High (PII + passwords)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'authentication credentials']},
 'date_detected': '2023-11-01',
 'description': 'A ransomware attack targeting the OnSolve CodeRED emergency '
                'alert system, provided by Crisis24, has disrupted emergency '
                'notifications across multiple U.S. states. The attack '
                'resulted in a data breach exposing user data, including '
                'names, email addresses, physical addresses, phone numbers, '
                'and passwords from a legacy platform. The Inc Ransom group '
                'claimed responsibility, stating they accessed systems on '
                'November 1, deployed ransomware on November 10, and listed '
                'the incident on their leak site on November 22 after failed '
                'ransom negotiations (vendor offered $100,000). Some stolen '
                'data was later published and put up for sale. The incident '
                'did not affect the national Emergency Alert System (EAS), but '
                'local governments in at least 14 states reported disruptions. '
                'Some customers are canceling contracts or transitioning to a '
                'new CodeRED platform.',
 'impact': {'brand_reputation_impact': 'Significant; loss of trust from '
                                       'municipal customers, public scrutiny '
                                       'over legacy system vulnerabilities',
            'customer_complaints': 'Reports of contract cancellations and '
                                   'transitions to new platforms by local '
                                   'government agencies',
            'data_compromised': ['names',
                                 'email addresses',
                                 'physical addresses',
                                 'phone numbers',
                                 'user profile passwords (legacy platform)'],
            'downtime': 'Ongoing disruptions reported as of late November 2023 '
                        '(exact duration unclear)',
            'identity_theft_risk': 'High (exposed PII including names, '
                                   'addresses, and passwords)',
            'operational_impact': 'Inability to send emergency notifications '
                                  'for public safety events (e.g., floods, gas '
                                  'leaks, fires, missing persons, bomb '
                                  'threats) across multiple U.S. states',
            'systems_affected': ['OnSolve CodeRED emergency alert system '
                                 '(legacy platform)']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (claimed by Inc '
                                                    'Ransom)',
                           'high_value_targets': ['legacy CodeRED platform '
                                                  'user data'],
                           'reconnaissance_period': 'November 1–10, 2023 '
                                                    '(access gained on Nov 1, '
                                                    'ransomware deployed on '
                                                    'Nov 10)'},
 'investigation_status': 'Ongoing (as of late November 2023)',
 'motivation': 'financial gain',
 'post_incident_analysis': {'corrective_actions': ['Discontinuation of legacy '
                                                   'platform',
                                                   'Transition to new CodeRED '
                                                   'platform']},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes (double extortion)',
                'ransom_paid': '$100,000 (offered by vendor, but negotiations '
                               'failed)'},
 'references': [{'source': 'SecurityWeek'},
                {'date_accessed': '2023-11-22',
                 'source': 'Inc Ransom leak site'},
                {'source': 'Local government notifications (multiple U.S. '
                           'states)'}],
 'response': {'communication_strategy': 'Limited; no public statement from '
                                        'Crisis24/OnSolve. Local governments '
                                        'issued notifications to residents.',
              'remediation_measures': 'Transition to a new CodeRED platform '
                                      '(legacy platform discontinued)'},
 'stakeholder_advisories': 'Notifications issued by local governments to '
                           'residents about disrupted emergency alerts',
 'threat_actor': 'Inc Ransom',
 'title': 'Ransomware Attack on OnSolve CodeRED Emergency Alert System',
 'type': ['ransomware', 'data breach', 'service disruption']}