The Cybersecurity and Infrastructure Security Agency announced on Monday a pilot program that aims to identify known vulnerabilities in critical infrastructure networks that ransomware operators commonly use to infect systems and extort victims.
The Ransomware Vulnerability Warning Pilot (RVWP) warns critical infrastructure owners and operators that their vulnerable systems could be exploited and was mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The program started Jan. 30 and has already notified 93 organizations whose Microsoft Exchange Server devices were affected by the “ProxyNotShell” vulnerability.
“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target-rich, resource-poor entities like many school districts and hospitals,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”
The pilot comes shortly after the Biden administration launched the national cybersecurity strategy, which calls ransomware attacks a threat to national security and public safety. Additionally, the administration convened the Counter-Ransomware Initiative, an international coalition of more than 30 countries that shares information and coordinates disruption efforts against ransomware actors, which launched a ransomware task force in January.
The pilot leverages the subpoena authority Congress granted CISA in 2021, which allows the agency to obtain a list of vulnerable networks through an internet service provider. The agency also draws on its Cyber Hygiene Services, which scan and test participating organizations’ networks for vulnerabilities. CISA notifies an organization with flawed devices through its regional staff members. Notified organizations are not required to mitigate the vulnerability.