CISA Launches Ransomware Vulnerability Warning Pilot Program
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The aim of the pilot program is to help critical infrastructure entities better protect their systems against ransomware attacks by fixing exploitable vulnerabilities in their Internet-facing systems before attackers find them.
The Ransomware Vulnerability Warning Pilot (RVWP) program is authorized under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022 and commenced on January 30, 2023. Under the program, CISA scans Internet-exposed systems for vulnerabilities that ransomware actors are known to exploit to gain initial access to a victim's network. CISA's regional cybersecurity personnel then alert the affected entities that the vulnerabilities exist, so that the flaws can be fixed before they are exploited by ransomware gangs or other malicious actors. CISA notes that critical infrastructure entities are often unaware that they have exploitable vulnerabilities in their systems and may only discover an unpatched vulnerability after it has been exploited in a ransomware attack. CISA said the RVWP program leverages existing services, data sources, technologies, and authorities, including CISA's Cyber Hygiene Vulnerability Scanning service and the administrative subpoena authority granted to CISA under Section 2209 of the Homeland Security Act of 2002, which lets CISA compel Internet service providers to identify the owners of vulnerable systems so they can be notified.
The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks, rather than every finding a scanner could produce. Under the RVWP program, CISA has already notified almost 100 critical infrastructure entities that they have Microsoft Exchange servers with unaddressed ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082), which Microsoft patched in its November 2022 Exchange security updates. ProxyNotShell has been widely exploited by ransomware gangs over the past few months, so an exposed Exchange server still running a pre-fix build is a realistic initial-access target.
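The self-check an organization can run against its own asset inventory to catch what the RVWP scan would report, as an added example that is not CISA's scanner and not code from the original article: it flags Internet-facing Exchange servers whose build number is below the build that fixes ProxyNotShell, and sends unrecognized build branches for manual review rather than silently passing them. The host list is constructed for illustration; the fixed-build numbers are the November 2022 Security Update builds as the editor recalls them and must be verified against Microsoft's published Exchange Server build number table before the list is relied on.

```python
"""Inventory check modeled on the RVWP idea: which Internet-facing Exchange
servers are still below the build that fixes ProxyNotShell?

Added example, not CISA tooling. All hosts below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    product: str            # e.g. "exchange", "iis"
    build: str              # dotted build string as reported by the server
    internet_facing: bool   # true if reachable from the public Internet


def parse_build(build: str) -> tuple[int, ...]:
    """Turn '15.2.986.30' into (15, 2, 986, 30) so builds compare numerically.

    A plain string comparison would wrongly rank '15.2.986.9' above
    '15.2.986.36', which is exactly the mistake that hides a missing update.
    """
    parts = build.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad build string: {build!r}")
    return tuple(int(p) for p in parts)


# Minimum fixed builds for ProxyNotShell (CVE-2022-41040 / CVE-2022-41082),
# keyed by the cumulative-update branch (first three build components).
# ASSUMPTION: these are the November 2022 SU builds as recalled by the editor;
# verify against Microsoft's Exchange Server build number table before use.
PROXYNOTSHELL_FIXED: dict[tuple[int, ...], tuple[int, ...]] = {
    (15, 2, 1118): (15, 2, 1118, 20),   # Exchange 2019 CU12
    (15, 2, 986):  (15, 2, 986, 36),    # Exchange 2019 CU11
    (15, 1, 2507): (15, 1, 2507, 16),   # Exchange 2016 CU23
    (15, 1, 2375): (15, 1, 2375, 37),   # Exchange 2016 CU22
    (15, 0, 1497): (15, 0, 1497, 44),   # Exchange 2013 CU23
}


def assess(host: Host, fixed=PROXYNOTSHELL_FIXED) -> str:
    """Classify one host: ok, vulnerable, unknown-branch, not-exposed, not-applicable."""
    if host.product != "exchange":
        return "not-applicable"
    if not host.internet_facing:
        # Still worth patching, but outside the RVWP-style exposure scope.
        return "not-exposed"
    build = parse_build(host.build)
    branch = build[:3]
    if branch not in fixed:
        # A CU branch not in the table is either out of support (never got the
        # fix) or newer than the table; either way a human must confirm it.
        return "unknown-branch"
    return "ok" if build >= fixed[branch] else "vulnerable"


def hosts_to_notify(hosts: list[Host]) -> list[str]:
    """Names of exposed hosts that need action, in the order an alert would list them."""
    actionable = {"vulnerable", "unknown-branch"}
    return sorted(h.name for h in hosts if assess(h) in actionable)


# Constructed sample inventory (not real hosts).
SAMPLE_HOSTS = [
    Host("mx1", "exchange", "15.2.986.30", True),    # 2019 CU11, pre-fix build
    Host("mx2", "exchange", "15.2.1118.20", True),   # 2019 CU12, at fixed build
    Host("mx3", "exchange", "15.1.2507.13", True),   # 2016 CU23, pre-fix build
    Host("mx4", "exchange", "15.2.986.36", False),   # fixed, and not exposed anyway
    Host("mx5", "exchange", "15.2.858.5", True),     # branch not in table: review
    Host("web1", "iis", "10.0.17763.1", True),       # not an Exchange server
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h.name:6} {h.build:14} {assess(h)}")
    print("notify:", ", ".join(hosts_to_notify(SAMPLE_HOSTS)))
```

The version comparison is the part worth copying: build strings must be compared component by component as integers, and any branch the table does not know about should land in the review queue, because a scanner that treats "unrecognized" as "fine" reproduces the blind spot RVWP exists to close.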
“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target-rich, resource-poor entities like many school districts and hospitals,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations. We encourage every organization to urgently mitigate vulnerabilities identified by this program and adopt strong security measures consistent with the U.S. government’s guidance on StopRansomware.gov.” CISA also encourages critical infrastructure entities to report ransomware attacks to the U.S. government via the FBI’s Internet Crime Complaint Center (IC3) or CISA’s incident reporting system.
The RVWP program is one of several initiatives launched by CISA in the past two years in response to ransomware attacks on critical infrastructure entities and government agencies, including the attacks on Colonial Pipeline, JBS Foods, and Kaseya. These efforts include the addition of a Ransomware Readiness Assessment (RRA) module to its Cyber Security Evaluation Tool (CSET); the formation of the Joint Cyber Defense Collaborative (JCDC), a public-private partnership that proactively gathers, analyzes, and shares actionable cyber risk information; and the launch of the StopRansomware.gov website, which serves as a one-stop shop for alerts and ransomware resources.