CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Ransomware Disrupts OnSolve CodeRED Emergency Alert System Across Multiple U.S. States

A ransomware attack targeting the OnSolve CodeRED emergency alert platform—operated by Crisis24—has disrupted local government notification systems across numerous U.S. states. The incident resulted in a data breach affecting user information tied to a legacy version of the CodeRED service and temporarily disabled emergency alert capabilities for cities, counties, and law enforcement agencies. The Inc Ransom group has claimed responsibility.

Context

CodeRED is widely used by municipalities for urgent public safety alerts, including weather emergencies, hazardous material incidents, evacuations, and missing persons. While not part of the national Emergency Alert System (EAS), CodeRED remains a critical communication tool for local emergency preparedness and resident safety.

The impacted system is a legacy CodeRED platform that Crisis24 previously deprecated. Some customers have been urged—or have already decided—to migrate to updated versions following the attack.

What Happened

Over the past week, government agencies across multiple states, including Massachusetts, Colorado, Texas, Florida, North Carolina, Ohio, Kansas, Georgia, California, Utah, Missouri, Montana, and New Mexico, announced that their CodeRED services were offline due to a cyberattack.

Public notices revealed that:

  • Emergency alerts could not be sent during the outage.

  • Cybercriminals accessed names, addresses, emails, phone numbers, and profile passwords associated with the legacy platform.

  • Crisis24 has not issued an official public statement.

Security researchers and local agencies attribute the incident to a ransomware intrusion affecting OnSolve’s infrastructure.

Technical Breakdown

According to the Inc Ransom group:

  • The attackers accessed OnSolve systems on November 1.

  • File-encrypting ransomware was deployed on November 10.

  • Negotiations reportedly collapsed after Crisis24 allegedly offered $100,000, which the attackers deemed insufficient.

Stolen data appears to include:

  • User identity information

  • Contact details

  • Passwords associated with older CodeRED accounts

The attackers later published a sample of the stolen data online and claimed to have placed the remainder for sale. While some municipalities initially reported no public leak, the situation has evolved as the ransomware group released files.

Impact Analysis

The incident created operational disruptions for emergency response organizations that depend on CodeRED to notify residents during time-sensitive events. Potential consequences include:

  • Delayed public safety alerts

  • Interruption of community emergency protocols

  • Increased municipal risk during critical incidents

  • Loss of confidence in the vendor’s legacy platform

Some government customers are now reconsidering contracts, pursuing cancellation, or migrating to the newer CodeRED system.

Why It Matters

Emergency alert systems are high-value targets because they sit at the intersection of public safety, trust, and critical communication. Even short-term outages can impact community readiness and coordination.

The breach also highlights persistent challenges associated with:

  • Vendor-managed legacy systems

  • Third-party data exposure

  • Ransomware groups expanding into public safety ecosystems

As municipalities increasingly depend on digital alerting platforms, resilience and vendor oversight become essential.

Expert Commentary

Cybersecurity experts note that the attack reflects a broader trend: ransomware groups are targeting infrastructure that organizations rely on heavily for operations, which increases the attackers' leverage during negotiations.

Key insights include:

  • Legacy systems often lag behind in security hardening.

  • Public safety vendors must maintain strict visibility across all platform versions.

  • Government agencies need contingency plans for alerting disruptions.

  • Regular vendor audits and redundancy planning are critical.

The combination of encrypted systems, leaked data, and operational disruption underscores the importance of lifecycle management for emergency communication technologies.

Key Takeaways

  • A ransomware attack disabled CodeRED emergency alert services across multiple states.

  • User data—including passwords—was stolen from a legacy platform.

  • The Inc Ransom group claims responsibility and has leaked stolen files.

  • Some municipalities may cancel or migrate away from CodeRED.

  • The incident highlights risks within third-party emergency communication systems.

  • Public safety operations require modernized, resilient alerting infrastructure.
