CISA to warn critical infrastructure of ransomware-vulnerable devices

Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) announced a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks.

"Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency (CISA) announces today the establishment of the Ransomware Vulnerability Warning Pilot (RVWP)," the cybersecurity agency said.

CISA's newly established RVWP program has two goals: to scan critical infrastructure entities' networks for Internet-exposed systems with vulnerabilities that ransomware attackers often exploit to breach networks and help vulnerable organizations fix the flaws before they get hacked.

This is part of a broader effort to fend off the escalating ransomware threat that started almost two years ago after a barrage of cyberattacks targeting critical infrastructure organizations and U.S. government agencies, starting with ransomware attacks that hit the networks of Colonial Pipeline, JBS Foods, and Kaseya.

In June 2021, the agency released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET).

RRA helps organizations assess their readiness to prevent and recover from ransomware attacks and can be customized for different cybersecurity maturity levels.

The Ransomware Readiness Assessment CSERT module

Two months later, in August 2021, CISA published guidance to help at-risk government and private sector organizations prevent ransomware data breaches.

This list of best practices was released in response to multiple ransomware gangs using data stolen from victims in double extortion schemes where they threatened to leak the stolen info on their dedicated leak site, a tactic now adopted by most ransomware operations.

Earlier that month, CISA launched a new partnership to protect U.S. critical infrastructure from ransomware and other cyber threats, known as the Joint Cyber Defense Collaborative (JCDC).

JCDC has brought together federal agencies, state and local governments, and private sector organizations to create cyber defense plans for resilience against malicious cyber activity targeting critical infrastructure.

When announced, the JCDC has enlisted several private sector partners, such as Microsoft, Google Cloud, Amazon Web Services, AT&T, Crowdstrike, FireEye Mandiant, Lumen, Palo Alto Networks, and Verizon, and government organizations like the Defense Department, the NSA, the Justice Department, the FBI, the U.S. Cyber Command, and the Office of the Director of National Intelligence.

Since then, CISA has also launched a dedicated portal to provide all the resources needed to prepare, defend against, and block ransomware attacks, including the tools needed to report ransomware incidents and request technical assistance.