CISA now warns critical infrastructure of ransomware-vulnerable devices

Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) announced a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks.

"Through the Ransomware Vulnerability Warning Pilot (RVWP), which started on January 30, 2023, CISA is undertaking a new effort to warn critical infrastructure entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors," the cybersecurity agency said.

CISA's newly established Ransomware Vulnerability Warning Pilot (RVWP) program has two goals: to scan critical infrastructure entities' networks for Internet-exposed systems with vulnerabilities that ransomware attackers often exploit to breach networks and help vulnerable organizations fix the flaws before they get hacked.

"As part of RVWP, CISA leverages existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks," the cybersecurity agency said.

"Once CISA identifies these affected systems, our regional cybersecurity personnel notify system owners of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur."

This is part of a broader effort to fend off the escalating ransomware threat that started almost two years ago after a barrage of cyberattacks targeting critical infrastructure organizations and U.S. government agencies, starting with ransomware attacks that hit the networks of Colonial Pipeline, JBS Foods, and Kaseya.

In June 2021, the agency released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET).

RRA helps organizations assess their readiness to prevent and recover from ransomware attacks and can be customized for different cybersecurity maturity levels.

Two months later, in August 2021, CISA published guidance to help at-risk government and private sector organizations prevent ransomware data breaches.

This list of best practices was released in response to multiple ransomware gangs using data stolen from victims in double extortion schemes where they threatened to leak the stolen info on their dedicated leak site, a tactic now adopted by most ransomware operations.

Earlier that month, CISA launched a new partnership to protect U.S. critical infrastructure from ransomware and other cyber threats, known as the Joint Cyber Defense Collaborative (JCDC).

JCDC has brought together federal agencies, state and local governments, and private sector organizations to create cyber defense plans for resilience against malicious cyber activity targeting critical infrastructure.

When announced, the JCDC has enlisted several private sector partners, such as Microsoft, Google Cloud, Amazon Web Services, AT&T, Crowdstrike, FireEye Mandiant, Lumen, Palo Alto Networks, and Verizon, and government organizations like the Defense Department, the NSA, the Justice Department, the FBI, the U.S. Cyber Command, and the Office of the Director of National Intelligence.

Since then, CISA has also launched a dedicated portal to provide all the resources needed to prepare, defend against, and block ransomware attacks, including the tools needed to report ransomware incidents and request technical assistance.