A ransomware attack targeting a third-party emergency alert system used across the United States has resulted in a data breach and significant disruptions, leaving cities and counties unable to send emergency notifications to residents.
The Incident
Cities, counties, and law enforcement in many US states informed the public that the OnSolve CodeRED emergency alert system provided by Crisis24 has been disrupted due to a cyberattack.
The CodeRED system is used for alerts triggered by public safety events such as:
- Floods and gas leaks
- Chemical spills and fires
- Missing persons cases
- Bomb threats
The incident did not impact the national Emergency Alert System (EAS), but local-level alerting was severely compromised across more than a dozen states.
Geographic Impact
Notifications related to the CodeRED cybersecurity incident have been posted by local government organizations in Massachusetts, Colorado, Texas, Florida, North Carolina, Ohio, Kansas, Georgia, California, Utah, Missouri, Montana, New Mexico, and other states.
The Attacker
The Inc Ransom group is behind the OnSolve attack. The cybercriminals claimed to have gained access to OnSolve systems on November 1 and deployed file-encrypting ransomware on November 10. Negotiations reportedly failed after the vendor was willing to pay only a $100,000 ransom. Inc Ransom subsequently published stolen data and listed it for sale.
Stolen Data
Cybercriminals obtained OnSolve CodeRED user data, including names, email addresses, physical addresses, phone numbers, and user profile passwords associated with the legacy platform.
Crisis24 Response
"We confirm that data potentially associated with the legacy OnSolve CodeRED platform has been published online following a targeted attack by an organized cybercriminal group. We have notified law enforcement and the investigation is ongoing. We have decommissioned the platform and are transferring all customers to the new CodeRED by Crisis24 platform."
Some customers are reportedly attempting to cancel CodeRED contracts due to the impact of the cybersecurity incident.