CISA Establishes Ransomware Vulnerability Warning Pilot Program

Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency (CISA) announces today the establishment of the Ransomware Vulnerability Warning Pilot (RVWP) as authorized by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Through the RVWP, CISA will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities with those vulnerabilities, enabling mitigation before a ransomware incident occurs.

The RVWP will identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies, and authorities, including our free Cyber Hygiene Vulnerability Scanning service. Organizations interested in enrolling can email [email protected]

CISA recently initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called “ProxyNotShell,” which has been widely exploited by ransomware actors. This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations.

“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations. We encourage every organization to urgently mitigate vulnerabilities identified by this program and adopt strong security measures consistent with the U.S. government’s guidance on StopRansomware.gov.”

The RVWP will be coordinated by and aligned with the Joint Ransomware Task Force (JRTF), an inter-agency body established by CIRCIA and co-led by CISA and the FBI.

For more information on RVWP and other available resources for ransomware protection, detection, and response, all organizations are encouraged to visit StopRansomware.gov, a whole-of-government approach for ransomware resources and alerts.

What's Hot

Understanding AI Risk: I Promise This Article Wasn’t Written by ChatGPT (Yet)

Bill to ban TikTok slammed as ‘Patriot Act for the digital age’

DoD Chief Digital and Artificial Intelligence Office Launches Hack the Pentagon Website

CISA Establishes Ransomware Vulnerability Warning Pilot Program

Understanding AI Risk: I Promise This Article Wasn’t Written by ChatGPT (Yet)

DoD Chief Digital and Artificial Intelligence Office Launches Hack the Pentagon Website

Using Psychology to ReSCIND Cyberattacks

Leading MEP proposes flexible lifetime, narrower reporting

Supply Chain Attack Against 3CXDesktopApp

Vulkan Files reveal Russia’s cyberwarfare strategy

Bill to ban TikTok slammed as ‘Patriot Act for the digital age’

DoD Chief Digital and Artificial Intelligence Office Launches Hack the Pentagon Website

Using Psychology to ReSCIND Cyberattacks

V. Blinkevičiūtė apie siūlomus mokesčių pakeitimus: reforma to vadinti negalim, tai panašiau į darbo imitaciją

Despite deaths and chaos, Biden admin. has ‘no regrets’ over Afghanistan withdrawal

Išrinktoms savivaldybių taryboms ir merams − nauji įgaliojimai

Water companies face unlimited fines in crackdown on sewage spills

Meet the young climate leader bringing Europe’s concerns to the UN

Subscribe to Updates

What's Hot

CISA Establishes Ransomware Vulnerability Warning Pilot Program

Articles Liés