Crisis24 shuts down emergency notification system in wake of ransomware attack | CyberScoop<\/title> <meta name=\"description\" content=\"OnSolve CodeRED was damaged by the attack and has been nonoperational since earlier this month. Dozens of agencies and their respective users have been impacted by the outage and data theft.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/crisis24-onsolve-codered-emergency-system-ransomware\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Crisis24 shuts down emergency notification system in wake of ransomware attack\"> <meta property=\"og:description\" content=\"OnSolve CodeRED was damaged by the attack and has been nonoperational since earlier this month. Dozens of agencies and their respective users have been impacted by the outage and data theft.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/crisis24-onsolve-codered-emergency-system-ransomware\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-11-26T21:44:13+00:00\"> <meta property=\"article:modified_time\" content=\"2025-11-26T21:44:16+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg\"> <meta property=\"og:image:width\" content=\"2257\"> <meta property=\"og:image:height\" content=\"1328\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1763493151g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1761324897g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1763439630g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86984\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86984\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcrisis24-onsolve-codered-emergency-system-ransomware%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcrisis24-onsolve-codered-emergency-system-ransomware%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86984 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/crisis24-onsolve-codered-emergency-system-ransomware\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.616666666667\">\n<div class=\"single-article__header-content\" readability=\"34.454935622318\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/crisis24-onsolve-codered-emergency-system-ransomware\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> OnSolve CodeRED was damaged by the attack and has been nonoperational since earlier this month. Dozens of agencies and their respective users have been impacted by the outage and data theft. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86984\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"377\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack.jpg?resize=640%2C377&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"A person holds a smartphone displaying a glowing red warning symbol with an exclamation mark in a dark setting.\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg 2257w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=300,177 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=768,452 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=1024,603 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=1536,904 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=2048,1205 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=600,353 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=286,168 286w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=573,337 573w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=1147,675 1147w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-2.jpg?resize=1433,843 1433w\" sizes=\"(max-width: 1147px) 100vw, 1147px\"><figcaption> A person holds a smartphone displaying a glowing red warning symbol with an exclamation mark in a dark setting. (iStock\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"33.804095354523\"><body readability=\"68.199648506151\"><\/p>\n<p>OnSolve CodeRED, a voluntary, opt-in emergency notification system used by law enforcement agencies and municipalities across the country, has been permanently shut down in the wake of a ransomware attack.<\/p>\n<p>Crisis24, the company behind the service, said it decommissioned the platform after the cyberattack damaged the OnSolve CodeRED environment earlier this month. \u201cCurrent forensic analysis indicates that the incident was contained within that environment, with no contagion beyond,\u201d the company said in a statement Wednesday.<\/p>\n<p>Dozens of agencies and jurisdictions have been impacted, operating without access to the emergency notification system for about two weeks. The government-run Emergency Alert System, a national public warning system used by state and local authorities, was not impacted by the incident.<\/p>\n<p>Crisis24 alerted its customers to the incident earlier this month, describing it as a \u201ctargeted attack by an organized cybercriminal group.\u201d Attackers stole data contained in the OnSolve CodeRED platform and have since leaked personally identifiable information on CodeRED users.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Agencies impacted by the attack have notified their users of the breach, warning them that names, addresses, email addresses, phone numbers and passwords were compromised. \u201cUsers who have reused their OnSolve CodeRED password for any other personal or business accounts are advised to change those passwords immediately,\u201d Crisis24 said.<\/p>\n<p>Some CodeRED customers, including the <a href=\"https:\/\/dcsheriff.net\/important-nationwide-codered-outage-data-breach-update\/\">Douglas County Sheriff\u2019s Office<\/a> in Colorado, said they took \u201cimmediate account to terminate our contact with CodeRED for cause.\u201d<\/p>\n<p>Crisis24, which was already in the process of building a new CodeRED platform, told customers the legacy system was in a separate environment and insisted the new service was not compromised, according to agencies that published information they received from the company. <\/p>\n<p>\u201cWe have accelerated the rollout of our new CodeRED by Crisis24 platform and are transferring all customers to this platform for their alerting and notification needs,\u201d the company said. <\/p>\n<p>Customers also said the company initiated a full security audit and third-party penetration testing to confirm damage was limited to the legacy system.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Crisis24 said it notified law enforcement and an investigation into the attack is ongoing. The company did not attribute the attack to any specific threat group, but INC ransomware claimed responsibility for the attack when it added OnSolve to its data leak site last week.<\/p>\n<p>\u201cCyberattacks remain a persistent threat across all sectors, and we regret that this incident has occurred,\u201d the company said. \u201cWe remain fully committed to supporting our customers and ensuring their basic alerting and public notification requirements continue to be met without interruption.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.1514084507042\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/crisis24-onsolve-codered-emergency-system-ransomware\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crisis24 shuts down emergency notification system in wake of ransomware<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,440,46,288],"tags":[286,86,444,54,294],"class_list":["post-8157","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-data-breaches","category-ransomware","category-threats","tag-cybercrime","tag-cybersecurity","tag-data-breaches","tag-ransomware","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-breaches\/\" rel=\"category tag\">data breaches<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8157"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8157\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8157,"date":"2025-11-26T15:44:13","date_gmt":"2025-11-26T21:44:13","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86984"},"modified":"2025-11-26T15:44:13","modified_gmt":"2025-11-26T21:44:13","slug":"crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/11\/26\/crisis24-shuts-down-emergency-notification-system-in-wake-of-ransomware-attack\/","title":{"rendered":"Crisis24 shuts down emergency notification system in wake of ransomware attack"},"content":{"rendered":"