CISA Offers Ransomware Vulnerability Warning Notifications to Help Avoid Cyber Incidents

Organizations Encouraged to Enroll in Free Program

The federal Cybersecurity and Infrastructure Security Agency is encouraging public sector and critical infrastructure organizations to enroll in its new Ransomware Vulnerability Warning Pilot program so they can receive notifications from CISA cyber experts anytime a new vulnerability being exploited by threat actors is identified.

The RVWP, authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022, gives organizations a heads-up so they may mitigate the vulnerability before a ransomware incident occurs on their networks, according to CISA’s website. 

A warning from CISA-RVWP is “not indicative of a compromise” but “it does indicate you are at risk and the information system requires immediate remediation,” CISA said.

“The RVWP will identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies, and authorities, including our free Cyber Hygiene Vulnerability Scanning service,” CISA said. 

The agency emphasized that organizations should enroll so CISA has correct contact information in order to notify of vulnerabilities in a timely manner. Email [email protected] to enroll in the warning program. 

CISA said in a news release that the RVWP has already helped scores of public sector and critical infrastructure organizations avoid ransomware exploitation by notifying them of newly identified vulnerabilities being used by ransomware actors around the globe. RVWP is managed by the Joint Ransomware Task Force, a group established by CIRCIA last year and led by CISA and the FBI. 

The RVWP website cites an example of how the program is already helping organizations keep their networks secure: “CISA notified 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called ‘ProxyNotShell,’ which has been widely exploited by ransomware actors,” the agency said. “This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations.”

Under the new program, CISA “leverages existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks,” the agency said. “Once CISA identifies these affected systems, our regional cybersecurity personnel notify system owners of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur.”

CISA said notifications will come from its regional staff members, located throughout the country, who also may be able to help organizations mitigate the identified vulnerability. “Notifications will contain key information regarding the vulnerable system, such as the manufacturer and model of the device, the IP address in use, how CISA detected the vulnerability, and guidance on how the vulnerability should be mitigated,” the agency said.

Organizations receiving a notification may verify the identity of the sender by emailing [email protected] or by calling (888) 282-0870.

The vulnerability information comes from CISA’s existing personnel and services, data sources, technologies, and law enforcement, including its Cyber Hygiene Vulnerability Scanning service and the Administrative Subpoena Authority granted to CISA under Section 2209 of the Homeland Security Act of 2002.

The agency also encouraged organizations of all kinds to take advantage of its free Cyber Hygiene Vulnerability Scanning service and to establish a relationship with a regional CISA cybersecurity advisor to learn about additional no-cost cybersecurity resources. Organizations enrolled in the Vulnerability Scanning service receive recurring scans, regular reports, established relationships with CISA’s cybersecurity experts, and expedited notifications via documented points of contact. 

"Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations. We encourage every organization to urgently mitigate vulnerabilities identified by this program and adopt strong security measures consistent with the U.S. government’s guidance on StopRansomware.gov."

Learn more at StopRansomware.gov.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • An elementary school teacher and young students interact with floating holographic screens displaying colorful charts and playful data visualizations in a minimalist classroom setting

    New AI Collaborative to Explore Use of Artificial Intelligence to Improve Teaching and Learning

    Education-focused nonprofits Leading Educators and The Learning Accelerator have partnered to launch the School Teams AI Collaborative, a yearlong pilot initiative that will convene school teams, educators, and thought leaders to explore ways that artificial intelligence can enhance instruction.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Supported by OpenAI

    OpenAI, creator of ChatGPT, is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.

  • closeup of laptop and smartphone calendars

    2024 Tech Tactics in Education Conference Agenda Announced

    Registration is free for this fully virtual Sept. 25 event, focused on "Building the Future-Ready Institution" in K-12 and higher education.

  • cloud icon connected to a data network with an alert symbol (a triangle with an exclamation mark) overlaying the cloud

    U.S. Department of Commerce Proposes Reporting Requirements for AI, Cloud Providers

    The United States Department of Commerce is proposing a new reporting requirement for AI developers and cloud providers. This proposed rule from the department's Bureau of Industry and Security (BIS) aims to enhance national security by establishing reporting requirements for the development of advanced AI models and computing clusters.