CodeRED emergency alert system CodeDEAD after INC ransomware attack

Towns and cities across the US are without access to their CodeRED emergency alert system following a cyberattack on vendor Crisis24. Various municipalities have issued near-identical advisories about the attack on the OnSolve CodeRED platform, now owned by Crisis24, which enables residents to receive real-time alerts for …

  1. Taliesinawen

    Cloud based critical event notification platform :o

    “OnSolve, a cloud-based critical-event and mass-notification platform, suffered a highly disruptive cyberattack recently which forced it to sunset its legacy CodeRED environment and move to a new version, as well as losing sensitive data and even a business customer.”

    ‘While Crisis24 only attributed the breach to an "organized cybercriminal group," BleepingComputer has learned that the INC Ransomware gang has taken responsibility for the attack. .. INC Ransom is a ransomware-as-a-service (RaaS) operation that launched in July 2023 and has since targeted organizations worldwide.’

    1. Anonymous Coward

      Re: Cloud based critical event notification platform :o

      The fact that they are claiming passwords were stolen and warning people to change their pwds on any other accounts that might use the same pwd implies they don't know what they are doing. There are multiple ways to set up password authentication in such a way that no one but the user ever knows what the password is. The oldest I know of is decades old and is a variation on Diffie–Hellman.

      1. dmesg Bronze badge

        Re: Cloud based critical event notification platform :o

        That was my immediate first thought when I read that the stolen data included passwords. C'mon CodeRed, hashing and salting passwords is older than you are. Did you hire complete newbies to build your app?

  2. Pascal Monett Silver badge
    WTF?

    Oh really ?

    "there have been rising cybersecurity risks and penetrations across many organizations as of late"

    Oh, so your excuse is that, because other companies have been penetrated, it's not your fault.

    Excuse me if I do not accept that as an excuse, especially from a company that is supposed to be dealing with emergency alert procedures.

    1. RJX

      Re: Oh really ?

      Having worked in operational cybersecurity for a couple of decades for large financial institutions, not the worthless audit and compliance side, you are absolutely correct. Ransomware that cripples a company is 100% preventable but it takes a senior management team that agrees. The hardest part is getting people to change their practices but after a year of the onerous, time-wasting, you-name-it-excuse, the processes just become second nature and business as usual.

      But you gotta have senior management support and agreement.

  3. Anonymous Coward

    Stolen passwords.

    Just that.

    No mention of encrypted/salted, served with vinegar etc. passwords.

    Cyber security? They appear to have heard of it.

    1. Anonymous Coward

      What about this statement?

      Crisis24 told customers that the new platform "resides on a non-compromised, separate environment," which has undergone "a comprehensive security audit" and "additional penetration testing and hardening."

      What he didn't say was "we set up a new deathtrap environment and actually had to fix it before they'd allow us to start using it."

    2. BartyFartsLast Silver badge

      "Cyber security? They appear to have heard of it."

      Now they've been breached, yes.

      They might even think it's a good idea to get some..

      1. rivimey

        At what point do governments start treating this type of behaviour as criminal in and of itself? So many breaches of data are accompanied with tales of bad practices and lax or no oversight…

  4. David Hicklin Silver badge

    Crisis24 offered an initial $100,000 payment, and later upped it to $150,000, which INC rejected.

    If I was a customer I would be dropping them and finding something else for just that. We are supposed to be making it uneconomical for the hackers, not encouraging them!

  5. JWLong Silver badge

    Maybe ,,...........

    They should change their name to "Clown24".

  6. An_Old_Dog Silver badge
    Flame

    WTF?!

    ... among the data stolen by the criminal group were names, addresses, email addresses, phone numbers, and passwords used to create CodeRED accounts.

    Emergency info should be broadcast!

    Not distributed only after you sign in with an account.

    There never should have been any accounts.

    The people who bought this system to begin with should be given a thorough crotch-kicking, then lose their jobs for being fools. Of course, if they were voted into their positions ...

    1. RJX

      Re: WTF?!

      I signed up for alerts from our city, such as severe weather, but just gave them my phone number. I get a call for emergency alerts. There was no requirement to create an account so people who did that did it voluntarily, probably so they could use some app rather than having their phone ringing.

  7. cd Silver badge

    CodePHB...

  8. RJX

    Backups? Yeah, we do those once a year

    From the BleepingComputer article:

    "Because the attack damaged the platform, Crisis24 is rebuilding its service by restoring backups to a newly launched CodeRED by Crisis24 system. However, the available data is from an earlier backup on March 31, 2025, so accounts will likely be missing from the system."
