Key Takeaways
The OnSolve CodeRED emergency alert system, a critical communication tool used by municipalities across the United States, has been taken offline following a significant cyberattack. The platform's provider, Crisis24, confirmed that its CodeRED environment was damaged in a targeted attack by an organized cybercriminal group.
INC Ransom has since claimed responsibility, stating that it gained initial access on November 1 and deployed encryption on November 10. The group also alleges it stole 1.15 TB of data before the system was damaged.
The Crisis24 ransomware attack resulted in a significant emergency alert data breach. A company spokesperson confirmed that information belonging to OnSolve CodeRED users was stolen and subsequently published online by the attackers.
INC revealed several data samples, including CSV files with client-related data, and also released two screenshots allegedly showing negotiation attempts in which the attackers refused the company’s purported $150,000 offer.
“The attack also resulted in damage to the OnSolve CodeRED environment. Current forensic analysis indicates that the incident was fully contained within that environment, with no contagion beyond,” the spokesperson said, cited by The Record Media. “The dataset involved may include information for OnSolve CodeRED users.”
The compromised data may include the users’:
In response, municipalities in states including Colorado, Missouri, Texas, and Virginia have urged residents to change any passwords that may have been reused across other personal or business accounts. The platform first went down around November 10, leading to a nationwide outage.
Crisis24 has decommissioned the compromised platform and is expediting the launch of a new, more secure version of CodeRED. The company notified customers that the new system will rely on backups from March 31, meaning users who signed up after that date will need to re-register.
While the new system is being deployed, some local governments have terminated their CodeRED contracts and are seeking alternative notification platforms. In the interim, many are relying on social media and the federal Integrated Public Alert and Warning System (IPAWS) to issue emergency notifications.
An October report said ransomware attacks surged globally this year, endangering 50% of critical industries and threatening national security. This year, INC Ransom targeted hospitals in Brazil and the U.S.