The web-based critical alert system, designed to notify the public about emergencies, is under ransomware attack.
Cities across the US are reporting a CodeRED breach and subsequent outage. Many government agencies use the critical software to alert the community of local and national emergencies, like severe weather alerts, gas leaks, and more.
The company, owned and operated by the parent company Crisis24, has not yet published a notification on its website, but has alerted multiple states and municipalities about the incident. Beyond disrupting notifications, the incident also appears to have resulted in a database being leaked or stolen. According to CodeRED, the following data may have been accessed: names, addresses, email addresses, phone numbers, and/or associated passwords used to create user profiles for alerts. CodeRED recommended that individuals who may have been impacted change their passwords immediately.
According to news reports, the attack was claimed by the ransomware gang Inc and began with unauthorized access on November 1st. Files in CodeRED’s system were encrypted on November 10th. Inc Ransom demanded 100,000 from CodeRED, but negotiations ultimately failed and the information was published to Inc’s data leak site.
In a statement provided to Nevada County in California, CodeRED said, “We have learned that data associated with the legacy OnSolve CodeRED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked.”
The incident forced CodeRED to decommission the older version of its platform, called OnSolve CodeRED, accelerating a planned migration to CodeRED, the newer version. Some organizations had already completed the switch by the time of the incident.
Information about the impact of the incident is currently limited; we don’t yet know how many people had their data stolen or how many municipalities may have been impacted.
Attacks on organizations like CodeRED are particularly malicious, as they can prevent people from receiving critical safety information. Historically, these attacks can be dangerous; for instance, in 2024, an Illinois ambulance service was attacked, requiring ambulances to divert and delay services. For critical service providers, like CodeRED, ambulance services, and more, preventing vulnerabilities is necessary for keeping data safe and maintaining services.
Ransomware organizations target companies for a variety of reasons. Sometimes, it’s a targeted attack, and Inc may have chosen CodeRED because it is a critical service and may have been more willing to negotiate. It may have also been purely based on opportunity, with Inc attacking CodeRED because the group discovered a vulnerability.
CodeRED may face a lawsuit regarding the data breach if it’s believed that the company could have prevented the attack. If a lawsuit emerges, it’s likely that CodeRED will try to settle the case instead of taking it to court.