CISA Creates New Ransomware Vulnerability Warning Program

Written by

The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday the creation of a new Ransomware Vulnerability Warning Pilot (RVWP) program.

Stemming from the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and coordinated by the Joint Ransomware Task Force (JRTF), the RVWP will see CISA assess flaws commonly associated with known ransomware exploitation.

After finding these vulnerabilities, the Agency will warn critical infrastructure entities with the goal of enabling mitigation before a ransomware incident.

To identify entities vulnerable to the bugs, CISA will rely on various existing services, data sources, technologies and authorities, including its Cyber Hygiene Vulnerability Scanning service.

The Agency confirmed it has already notified 93 organizations running instances of Microsoft Exchange Service about a previously exploited vulnerability called “ProxyNotShell.”

Read more on ProxyNotShell here: Over 100 CVEs Addressed in First Patch Tuesday of 2023

“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target-rich, resource-poor entities like many school districts and hospitals,” said Eric Goldstein, executive assistant director for cybersecurity at CISA. 

“The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”

Commenting on the news, Jamie Boote, associate principal consultant at Synopsys, said that while RVWP is a good starting point for cybersecurity, it should be noted that problems and vulnerabilities rarely show up in isolation.

“Whenever a vulnerability is found through an external scan, security teams should use that as an opportunity to break the find-and-fix loop and investigate what caused that vulnerability to be released to production, how to find others like it and how to prevent it in the future,” Boote explained.

“These scanning efforts are just the beginning, both in terms of federal cybersecurity efforts and for the teams [...] on the receiving end of a vulnerability disclosure.”

The RVWP program comes weeks after the White House launched its National Cybersecurity Strategy.

What’s hot on Infosecurity Magazine?