The OnSolve CodeRED emergency alert system, managed by Crisis24, recently suffered a significant disruption due to a cyberattack, prompting local governments across the United States to explore alternative solutions or wait for updates on a new system. The INC ransomware group has taken responsibility for this attack, leading to concerns about the potential exposure of personal data for users.
Details reveal that sensitive user information, such as names, addresses, email addresses, phone numbers, and passwords, may have been compromised. As a precaution, affected individuals have been advised to update their passwords, especially if they used the same password across multiple accounts.
Upcoming Launch of Enhanced CodeRED System
In light of the cyber incident, Crisis24 is set to unveil a new, secure version of the CodeRED system that has been in development prior to the attack. Local governments have responded to the situation by providing updates to their residents regarding the status of the CodeRED system and their next steps.
The City of University Park, Texas, has confirmed that the new CodeRED system will soon be implemented. They noted, “Our provider assures us that the new CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening.” Furthermore, the City mentioned that the old OnSolve CodeRED platform has been decommissioned and that all users are being transitioned to the new system.
Craven County Emergency Services in North Carolina also announced that the new platform is expected to be operational before November 28. During the interim, Craven County will continue issuing alerts and crucial announcements through local media, as well as their website and social media channels to keep the community informed.
In contrast, the Douglas County Sheriff’s Office in Colorado took immediate measures to terminate its contract with CodeRED, emphasizing the privacy and protection of citizens as their top priorities. The Sheriff’s Office is currently exploring new options for an alert system. Meanwhile, they retain the capability to send “IPAWS” alerts to residents and are implementing back-up plans, including outreach through social media and door-to-door notifications to ensure they keep the public informed during emergencies.
Cyberattack Overview and Claims by INC Ransom Group
The INC Ransom group publicly claimed responsibility for the attack on the CodeRED system via their data leak site on the dark web. According to their statements, they gained access to the system on November 1 and executed network encryption by November 10. They assert that they exfiltrated approximately 1.15 terabytes of data prior to initiating encryption.
To back up their claims, INC Ransom has published several data samples, including CSV files containing client-related information, as reported by the threat intelligence firm Cyble. Additionally, the group has posted two screenshots that reportedly depict negotiation attempts in which the company offered up to $150,000, a proposal the attackers claim they rejected.
