Ransomware Hits U.S. Emergency Alerts: Why Public Safety Can't Afford to Wait for Recovery
- david96381
- Dec 1, 2025

Ransomware is an equal-opportunity threat, affecting various sectors indiscriminately. Last week, it struck a vital component of public safety.
On November 22, the Inc Ransom group claimed responsibility for a ransomware attack on OnSolve’s CodeRED platform. This essential tool enables cities, counties, and law enforcement agencies nationwide to disseminate emergency notifications for floods, fires, missing persons, and bomb threats.
The breach disrupted critical communications in over a dozen states, including Massachusetts, Colorado, Texas, Florida, North Carolina, Ohio, Kansas, Georgia, California, Utah, Missouri, and New Mexico. For several days, essential alerts were delayed or disabled, placing community safety at risk during time-sensitive emergencies.
The attack followed a familiar, yet increasingly sophisticated, sequence. Initial access was obtained on November 1; adversaries spent more than a week mapping the network before deploying file-encrypting malware on November 10.
When Crisis24—OnSolve’s parent company—proposed a $100,000 settlement, the attackers escalated by leaking sensitive data from the legacy system, compromising personally identifiable information such as names, email addresses, physical addresses, phone numbers, and, critically, passwords.
Forensic investigation confirmed that the CodeRED environment was rendered inaccessible due to encryption, but containment efforts prevented further spread.
In response, Crisis24 executed a rapid mitigation strategy: law enforcement was promptly notified, the affected legacy environment was decommissioned, and migration to a new platform was accelerated.
Crisis24 reaffirmed its commitment to operational continuity, acknowledging the growing prevalence of cyber threats. Impacted agencies also took swift measures, with some seeking to terminate vendor contracts amid uncertainty.
Ultimately, the consequences were substantial—interruptions to emergency services and exposure of sensitive data elevated risks of phishing, identity theft, and recurring attacks.
This incident is part of a broader pattern. In fact, mere days prior, the same ransomware collective targeted the Pennsylvania Attorney General’s Office.
Ransomware-as-a-service groups like Inc Ransom are adept at destabilizing institutions and exploiting lapses in public trust. The recovery process is often protracted and costly; Microsoft research shows that the average downtime for ransomware victims exceeds three weeks—a critical interval for organizations tasked with public protection.
The fundamental lesson is clear: ransomware operations thrive on deficiencies in detection and response. Although traditional endpoint solutions and backup protocols provide some defense, they are frequently activated only after data has been encrypted and exfiltrated.
Public sector entities, and their often-outdated systems, are particularly exposed to these threats, especially when compounded by limited resources.
While consulting for a local government agency last year, I witnessed firsthand the aftermath of an IT disruption. The scramble to restore communication lines underscored the importance of resilient infrastructure—and of rapid, informed decision-making in a crisis.
Situations like these illustrate how weaknesses in password hygiene and policy gaps grant malicious actors their advantage, enabling persistence and escalation within critical systems.
Mitigating risk requires addressing ransomware at its source—securing and monitoring data in real time, automating process isolation, and ensuring response protocols are mature enough to halt threats before widespread impact.
Prevention-first solutions like RansomStop detect the very first encrypted file and automatically isolate the threat in seconds—turning hours of damage into zero.
The recent CodeRED breach is a stark reminder: public safety infrastructure is indispensable, and resilience against cyberattacks is non-negotiable. Organizations must act decisively to strengthen their defenses and adapt to evolving threats.
For further insights on mitigating ransomware risk and shifting organizational posture from reactive to proactive, I encourage you to read our article on How Ransomware Attacks Succeed.
Stay alert.



