CISA launches pilot to spot ransomware vulnerabilities
By uncovering vulnerabilities associated with known exploits, CISA can warn critical infrastructure organizations so they can mitigate issues before a ransomware incident occurs.
State and local agencies battling ransomware now have access to an early warning system that can spot vulnerabilities commonly associated with ransomware attacks.
Municipal organizations in critical infrastructure sectors—including emergency services, transportation, public health, government facilities and water and wastewater utilities—may be unaware that their networks contain a vulnerability exploited in ransomware attacks. Now, the Cybersecurity and Infrastructure Security Agency’s Ransomware Vulnerability Warning Pilot will identify internet-accessible vulnerabilities associated with known ransomware actors and pass that information along to network owners so they can mitigate a vulnerability before an attack occurs, agency officials said.
CISA recently notified 93 organizations they were running instances of Microsoft Exchange Service with a vulnerability called “ProxyNotShell” that had been exploited by ransomware actors. “This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations,” CISA officials said in the program’s announcement.
RVWP uses data sources, multiple open-source and internal tools and its existing services, including Cyber Hygiene Vulnerability Scanning, to spot vulnerabilities in critical infrastructure organizations.
Once CISA identifies an affected system, the agency notifies system owners with the manufacturer and model information, the IP address being used and how the issue was detected, along with guidance on how it should be mitigated, according to the program’s FAQ.
"Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals,” said CISA Executive Assistant Director for Cybersecurity Eric Goldstein. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.
“We encourage every organization to urgently mitigate vulnerabilities identified by this program and adopt strong security measures consistent with the U.S. government’s guidance on StopRansomware.gov," said Goldstein.