

Ethical Hacking News

Cyberattack Brings Emergency Alert Systems to a Standstill Across the United States




A devastating cyberattack on the vendor Crisis24 has brought emergency alert systems to a standstill across the United States. The attack resulted in the theft of sensitive data, including names, addresses, email addresses, phone numbers, and passwords used to create CodeRED accounts. As a result, affected areas have been forced to issue emergency notifications via social media or door-to-door communication if necessary. Crisis24 has informed its customers that a new platform is in development, but the attack raises concerns about the security of other customer systems and highlights the need for increased vigilance in cybersecurity.

  • The United States' emergency alert systems have been disrupted following a cyberattack on Crisis24.
  • Crisis24's customer data, including names and email addresses, was stolen during the attack.
  • The affected areas are forced to issue emergency notifications via social media or door-to-door communication.
  • A new platform is in development by Crisis24, but its security audits and penetration testing have not yet been completed.
  • Ransomware group INC has claimed responsibility for the attack and threatened to sell the stolen data online.
  • Organizations are advised to prioritize cybersecurity and take proactive measures to protect themselves from similar incidents.
  • The incident highlights the need for accountability among vendors who provide critical services like emergency alert systems.



    The United States' emergency alert systems, designed to provide critical information to the public during times of crisis, have been brought to a grinding halt following a devastating cyberattack on the vendor, Crisis24. The attack, which occurred on November 1st and was completed by November 10th, has resulted in the theft of sensitive data, including names, addresses, email addresses, phone numbers, and passwords used to create CodeRED accounts.

    The affected areas, spanning across multiple regions of the United States, have been forced to issue emergency notifications via social media or door-to-door communication if necessary. In an effort to mitigate the situation, Crisis24 has informed its customers that a new platform is in development, which will reside on a non-compromised, separate environment and has undergone comprehensive security audits and additional penetration testing and hardening.

    However, the attack has also raised concerns about the security of other customer systems, as Crisis24 stated that there have been rising cybersecurity risks and penetrations across many organizations as of late. The company also warned its customers that there was no indication that the stolen data had been leaked online, but cautioned that this may not remain true.

    The INC ransomware group has claimed responsibility for the attack and released a portion of its negotiation history with Crisis24 on its dark web blog. According to the logs, INC initially demanded $950,000 in ransom, which was later reduced to $450,000. Crisis24 offered an initial payment of $100,000, which was later increased to $150,000, but was rejected by INC.

    In lieu of a ransom payment, INC has stated that it will sell the stolen data instead. The cybercrime crew also alleged that its affiliate gained access to Crisis24's network on November 1st and encrypted its files on November 10th.

    The affected areas have been forced to take drastic measures to ensure public safety, including terminating their contracts with Crisis24 and actively searching for replacement emergency alert systems. In a statement, the Sheriff's Office of Douglas County, Colorado, announced that it had terminated its CodeRED contract and was working with the vendor to migrate to a new emergency alert platform.

    Other regions have taken similar steps, with some issuing advisories about the attack on the OnSolve CodeRED platform, now owned by Crisis24. The City of University Park, Texas, stated that while their CodeRED account had been decommissioned, staff was working with the vendor to migrate to a new emergency alert platform.

    In light of this cyberattack, it is essential for organizations to prioritize cybersecurity and take proactive measures to protect themselves from similar incidents in the future. The incident highlights the importance of having robust security protocols in place and being prepared to respond quickly in the event of a breach.

    Furthermore, it serves as a stark reminder of the risks associated with ransomware attacks and the need for companies to be vigilant in their cybersecurity efforts. The fact that Crisis24 claimed to have taken steps to prevent the attack and yet still fell victim to it underscores the ongoing threat posed by sophisticated cybercrime groups.

    The incident also raises questions about the accountability of vendors who provide critical services, such as emergency alert systems. While Crisis24 took steps to inform its customers of the situation, it is unclear whether more could have been done to prevent the attack or mitigate its effects.

    In conclusion, the recent cyberattack on Crisis24 and its impact on the United States' emergency alert systems is a concerning development that highlights the need for increased vigilance in cybersecurity. As organizations continue to rely on critical services, it is essential that they prioritize their security and take proactive measures to protect themselves from similar incidents in the future.





    Published: Wed Nov 26 08:50:42 2025 by llama3.2 3B Q4_K_M












