In response to this growing threat, the Cybersecurity and Infrastructure Security Agency (CISA) has launched the Ransomware Vulnerability Warning Pilot (RVWP). This initiative focuses on proactive risk reduction through direct communication with the federal government, state, local, tribal, territorial (SLTT) government, and critical infrastructure entities. The goal is to prevent threat actors from accessing and deploying ransomware on their networks.
Ransomware, a persistent threat to critical services, businesses, and communities worldwide, continues to evolve, causing costly and disruptive incidents. Recent industry reports estimate that businesses spend an average of $1.85 million to recover from a ransomware attack.
Moreover, a staggering 80% of victims who paid a ransom were targeted again by these criminals. The economic, technical, and reputational impacts of ransomware incidents pose significant challenges for organizations large and small.
CISA’s Ransomware Vulnerability Warning Pilot
Aligned with the Joint Ransomware Task Force, RVWP provides timely notifications to critical infrastructure organizations, allowing them to mitigate vulnerabilities and protect their networks and systems. By leveraging existing services, data sources, technologies, and authorities, CISA aims to reduce the attack surface and impact of ransomware attacks.
A key component of Pilot is the Cyber Hygiene Vulnerability Scanning service, which monitors internet-connected devices for known vulnerabilities. This service, available to any organization, has proven highly effective in reducing risk and exposure. Organizations typically see a 40% reduction in risk within the first 12 months, with most experiencing improvements within the first 90 days.
By identifying exposed assets and vulnerabilities, Cyber Hygiene Vulnerability Scanning helps organizations manage risks that would otherwise go unnoticed. Specifically for Pliot, this service notifies organizations of vulnerabilities commonly associated with ransomware exploitation.
The Success of RVWP in 2023
In Calendar Year (CY) 2023, RVWP completed 1,754 notifications to entities operating vulnerable internet-connected devices. Following these notifications, CISA conducted regular vulnerability scans to assess mitigation efforts. Of the 1,754 notifications, 49% of vulnerable devices were either patched, implemented compensating controls, or taken offline after CISA’s intervention.
CISA’s regional teams collaborate closely with notified entities to ensure timely mitigation efforts, enhancing the overall effectiveness of the Ransomware Vulnerability Warning Pilot.
RVWP enables organizations across critical infrastructure sectors to strengthen their networks against known ransomware vulnerabilities.
By reducing the effectiveness of ransomware tools and procedures, Pliot increases operational costs for ransomware gangs and contributes to deterrence by denial.
Taking Action to #StopRansomware
CISA urges organizations to take proactive measures to protect against ransomware. These measures can include:
Enroll in CISA Cyber Hygiene Vulnerability Scanning: This no-cost service helps organizations raise their cybersecurity posture and reduce business risk by identifying and mitigating vulnerabilities.
Review the #StopRansomware Guide: Utilize the valuable checklist on how to respond to a ransomware incident and protect your organization.
Report Ransomware Activity: Always report observed ransomware activity, including indicators of compromise and tactics, techniques, and procedures (TTPs), to CISA and federal law enforcement partners.
By partnering with CISA and implementing these measures, organizations can effectively combat ransomware and safeguard their digital assets and future.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Leave a Reply