CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has launched a pilot program to warn critical infrastructure organizations if their systems contain vulnerabilities that may be exploited in ransomware attacks.
The new Ransomware Vulnerability Warning Pilot (RVWP), which kicked off on January 30, is meant to help those organizations that might be unaware that a vulnerability targeted by ransomware groups is lurking in their networks.
When such a security defect is identified, CISA’s regional cybersecurity personnel notify the impacted entity via phone or email, so that the issue can be resolved before it’s exploited.
According to CISA, the RVWP uses ‘existing authorities and technology’ to proactively discover information systems affected by flaws known to be exploited in ransomware attacks.
“CISA accomplishes this work by leveraging its existing services, data sources, technologies, and authorities, including CISA’s Cyber Hygiene Vulnerability Scanning service and the Administrative Subpoena Authority granted to CISA under Section 2209 of the Homeland Security Act of 2002,” the agency says.
CISA also notes that, as per the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), critical infrastructure entities are required to report cyberattacks and ransom payments. CIRCIA also mandates that CISA proactively identifies systems vulnerable to ransomware attacks.
The notifications sent to vulnerable entities will include details about the vulnerable system, including manufacturer and model, the IP address in use, how the vulnerability was detected, and guidance on how to address the issue.
“Receiving a notification through CISA RVWP is not indicative of a compromise. However, it does indicate you are at risk and the information system requires immediate remediation,” CISA notes.
The notified entities are not required to comply with the provided recommendations.
Over the past several years, CISA and other US government agencies have been warning of the threat posed by various ransomware families, providing organizations with specific details to help them improve their detection capabilities.
Since November 2021, through its Known Exploited Vulnerabilities (KEV) catalog, CISA has been warning public and private organizations about the active exploitation of hundreds of security flaws in popular software, urging them to address those issues in a timely manner.
Related: Watch Sessions: Ransomware Resilience & Recovery Summit
Related: Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List
Related: Organizations Warned of Royal Ransomware Attacks