Crisis24 shuts down emergency notification system in wake of ransomware attack

Crisis24 has permanently decommissioned OnSolve CodeRED, its voluntary emergency notification platform, following a ransomware attack that compromised the system earlier this month. The outage affected dozens of law enforcement agencies and municipalities nationwide, disrupting access to critical alerting services.

In a statement Wednesday, Crisis24 confirmed that forensic investigations indicate the breach was contained within the OnSolve CodeRED environment. “Current analysis indicates that the incident was confined to that environment, with no contagion beyond,” the company said.

Despite the disruption, the government-run Emergency Alert System (EAS) remained unaffected, ensuring continuity of national public warnings.

The cyberattack, described by Crisis24 as a “targeted attack by an organized cybercriminal group,” resulted in the theft of personally identifiable information from CodeRED users. Compromised data includes names, addresses, phone numbers, email addresses, and passwords. The company advised users to change any passwords reused across other accounts immediately.

Some impacted agencies, including the Douglas County Sheriff’s Office in Colorado, promptly severed ties with CodeRED, citing security concerns. Meanwhile, Crisis24 confirmed that the new CodeRED platform, already under development in a separate environment, was not affected by the incident. The company is accelerating the rollout of the new system and migrating existing customers to it.

As part of its response, Crisis24 initiated a full security audit and engaged third-party penetration testing to verify that damage was limited to the legacy system. The company has also notified law enforcement and is cooperating with ongoing investigations. Although no specific threat actor has been formally attributed, the INC ransomware group claimed responsibility, adding the stolen OnSolve data to its leak site.

“Cyberattacks remain a persistent threat across all sectors,” Crisis24 said. “We remain fully committed to supporting our customers and ensuring their alerting and public notification requirements continue to be met without interruption.”