Crisis24’s OnSolve CodeRED emergency alert system has been disrupted by a cyberattack, leaving local governments throughout the U.S. searching for alternatives or waiting for a new system to come online.
The INC ransomware group has claimed responsibility for the attack.
Some personal data of users may have been exposed in the attack, including names, addresses, email addresses, phone numbers, and passwords, and users have been urged to change passwords for other accounts if the same password is used.
Crisis24 is launching a new secure CodeRED System that was already in development, and local governments had varying reactions to the crisis.
New CodeRED Emergency Alert System Expected Soon
Several U.S. local governments issued statements after the attack, updating residents on the CodeRED system’s status and their plans.
The City of University Park, Texas, said Crisis24 is launching a new CodeRED System, which was already in the works.
“Our provider assures us that the new CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening,” the city said in its statement.
“The provider decommissioned the OnSolve CodeRED platform and is the process of moving all customers to its new CodeRED platform.”
Craven County Emergency Services in North Carolina said the new CodeRED platform “will be available before November 28.”
In the meantime, Craven County said announcements and alerts will continue to be released through local media, the Craven County website, or on Craven County’s social media accounts.
The Douglas County Sheriff’s Office in Colorado said on Nov. 24 that it took “immediate action to terminate our contract with CodeRED for cause. Our top priority is the privacy and protection of our citizens, which led to the decision to end our agreement with CodeRED.”
The Sheriff’s Office said it “is actively searching for a replacement for the CodeRED platform.”
The office said it still has the ability to issue “IPAWS” alerts to citizens when necessary, and “will continue to implement various contingency plans, including outreach through social media and door-to-door notifications, to ensure our community stays informed during emergency situations.”
INC Ransom Claims Responsibility for CodeRED Attack
The INC Ransom group claimed responsibility for the CodeRED emergency alert system attack on its dark web data leak site.
The threat actors say they obtained initial access on Nov. 1, followed by network encryption on Nov. 10. The group claims to have exfiltrated approximately 1.15 TB before deploying encryption.
To substantiate their claims, INC Ransom has published several data samples, including csv files with client-related data, threat intelligence company Cyble reported in a note to clients. Additionally, the group released two screenshots allegedly showing negotiation attempts, where the company purportedly offered as much as USD $150,000, an amount the attackers claim they refused.