Over 850 Vulnerable Devices Secured Through CISA Ransomware Program

Written by

US government and critical infrastructure entities were sent 1754 ransomware vulnerability notifications under the Ransomware Vulnerability Warning Pilot (RVWP) program in 2023, resulting in 852 vulnerable devices being secured or taken offline.

The highest number of alerts were sent to government facilities (641), which encompasses a range of federal, state and local government organizations, including schools and higher education facilities.

Healthcare and public health received the second highest number of ransomware vulnerability notifications, at 440.

This was followed by energy (173), financial services (127), transportation (83) and critical manufacturing (69).

Close to half (49%) of all of vulnerable devices were either patched, implemented a compensating control, or taken offline after receiving a RVWP notification.

RVWP notification breakdown by critical infrastructure sector in 2023. Source: CISA
RVWP notification breakdown by critical infrastructure sector in 2023. Source: CISA

How RVWP Protects Against Ransomware

The RVWP initiative was unveiled by the Cybersecurity and Infrastructure Security Agency (CISA) in March 2023. Its aim is to reduce the risk of ransomware attacks on government and critical infrastructure organizations by proactively warning them to mitigate vulnerabilities commonly associated with known ransomware exploitation.

CISA uses existing services, data sources, technologies, and authorities to identify these flaws, including its Cyber Hygiene Vulnerability Scanning tool, which monitors internet connected devices for known vulnerabilities.

CISA’s regional teams then work closely with the notified entities to drive timely mitigation.

The RVWP stems from the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and is aligned with the Joint Ransomware Task Force (JRTF).

CISA outlined a range of ways all organizations can work with government to tackle rising ransomware attacks:

  • Enroll in the Cyber Hygiene Vulnerability Scanning service, in which participating organizations typically reduce their risk and exposure by 40% within the first 12 months, and has identified more than 3 million known vulnerabilities for participants since 2022, according to CISA
  • Review the #StopRansomware Guide, which provides a checklist on how to respond to a ransomware incident and protect your organization
  • Report observed ransomware activity to CISA and federal law enforcement, including details of compromise and tactics, techniques and procedures (TTPs)

What’s hot on Infosecurity Magazine?