OnSolve CodeRED

2025: System shutdown due to hacker attack

On November 25, 2025, Crisis24 confirmed a large-scale cyber attack on its OnSolve CodeRED platform, which provides emergency warning systems throughout the United States. The incident paralyzed the notification system for state and local authorities, police and fire departments.

According to BleepingComputer, due to the attack, Crisis24 was forced to completely decommission the previous CodeRED environment. This has led to massive disruptions in emergency alert services using this platform for weather alerts and other critical notifications.

𝓲

Фото: Freepik

The investigation showed that the attack was limited to the CodeRED environment, but the attackers managed to steal confidential user data. Compromised information includes names, addresses, email addresses, phone numbers and passwords of CodeRED profiles.

Crisis24 restores the service by deploying backups to the new system. However, due to the use of the backup dated March 31, 2025, some of the accounts may be lost.

Responsibility for the attack was claimed by one of the most active groups of ransomware hackers INC Ransom, seen since July 2023. She posted evidence of data theft on her Tor page, including email addresses and related passwords in clear text.

According to the attackers, they penetrated OnSolve systems on November 1, 2025, and encrypted the files on November 10. After unsuccessful buyout negotiations, the hacker group said it had started selling the stolen information.

According to information received from CodeRED by the authorities of the Texas city of University Park, so far "there is no evidence that this information is posted online."

University Park cybersecurity experts recommend users change CodeRED passwords immediately, especially if they were used on other resources.^[1]

Notes