CISA Launches Ransomware Vulnerability Warning Pilot

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently launched the Ransomware Vulnerability Warning Pilot (RVWP) program. Here’s what you need to know.

What is CISA’s Ransomware Vulnerability Warning Pilot program?

CISA’s RVWP program helps critical infrastructure entities protect their systems against ransomware attacks by fixing exploitable vulnerabilities in their internet-facing systems.

The RVWP program has two goals:

  1. To scan critical infrastructure entities’ networks for internet-exposed systems with vulnerabilities that ransomware attackers often exploit to breach networks; and
  2. To help vulnerable organizations fix the flaws before they get hacked.

How does the RVWP program work?

CISA leverages authorities and technology to take a more proactive approach to identifying vulnerabilities. According to the agency, once it identifies systems at risk for a ransomware attack, regional CISA staff members make notifications to the affected organizations.

These notifications contain key information regarding the vulnerable system, such as the manufacturer and model of the device, the IP address in use, how CISA detected the vulnerability and guidance on how the vulnerability should be mitigated. CISA regional staff members will make notifications by phone call or email.

The RVWP program is authorized under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This program is one of several initiatives launched by CISA in the past two years to fend off the increasing ransomware threat on critical infrastructure entities and U.S. government agencies.

What should I do?

Organizations should review CISA’s “Stop Ransomware” site, which offers guidance and resources, including a ransomware guide and ransomware response checklist. If your organization is contacted regarding a vulnerability, you can verify it through CISA by emailing [email protected] or calling 888-282-0870. Make sure you apply the recommendations they provide as quickly as you can to avoid a potential ransomware attack.

Have you registered for our next event?