The Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday its new Ransomware Vulnerability Warning Pilot (RVWP) to warn critical infrastructure entities of vulnerabilities commonly associated with known ransomware exploitation.
“Most organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network,” the RVWP website says. “Through the [RVWP], which started on January 30, 2023, CISA is undertaking a new effort to warn critical infrastructure entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors.”
According to the March 13 press release officially announcing CISA’s ransomware warning pilot, the RVWP was authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022, and will be coordinated by and aligned with the Joint Ransomware Task Force.
“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals,” said CISA’s Eric Goldstein, the agency’s executive assistant director for cybersecurity.
“The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations,” Goldstein said in a statement.
According to RVWP’s website, CISA leverages existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.
Once CISA identifies these affected systems, its regional cybersecurity personnel notify system owners by phone call or email of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur.
CISA recently initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called “ProxyNotShell,” which has been widely exploited by ransomware actors, the press release says.
This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as CISA further scales the RVWP to additional vulnerabilities and organizations.
Organizations interested in enrolling can email firstname.lastname@example.org.