The US government and critical infrastructure entities received 1754 ransomware vulnerability notifications in 2023 through the Ransomware Vulnerability Warning Pilot (RVWP) program [2].

Description

In 2023, the US government and critical infrastructure entities received 1754 ransomware vulnerability notifications through the Ransomware Vulnerability Warning Pilot (RVWP) program, resulting in 852 vulnerable devices being secured or taken offline [2]. The highest number of alerts was sent to government facilities (641), followed by healthcare and public health (440), energy (173), financial services (127), transportation (83), and critical manufacturing (69) [2]. Nearly half of the vulnerable devices were patched, had compensating controls implemented, or were taken offline after receiving an RVWP notification [2] [3] [5], demonstrating the effectiveness of RVWP in driving timely mitigation and protecting critical infrastructure [3]. The RVWP initiative, launched by the Cybersecurity and Infrastructure Security Agency (CISA) in March 2023, aims to reduce the risk of ransomware attacks by proactively warning organizations to mitigate vulnerabilities commonly exploited by ransomware [1] [2]. CISA uses its Cyber Hygiene Vulnerability Scanning tool to monitor internet-connected devices for known vulnerabilities and works closely with notified entities to drive timely mitigation [2]. The RVWP program is aligned with the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and the Joint Ransomware Task Force (JRTF) [2]. Organizations are encouraged to enroll in the Cyber Hygiene Vulnerability Scanning service, review the #StopRansomware Guide, and report observed ransomware activity to CISA and federal law enforcement [2]. The program aims to help the federal government, state and local agencies, and critical infrastructure organizations mitigate vulnerabilities and protect their networks from ransomware attacks [5].
CISA encourages organizations to adopt its Cyber Hygiene Vulnerability Scanning service, which can reduce exposure to vulnerabilities commonly exploited by ransomware attacks by 40 percent within the first year [5]. CISA Director Jen Easterly announced that about 7,000 entities have signed up for the RVWP program, with expectations for this number to increase by the end of 2024 [1]. Since the program's launch, 2,049 notifications have been sent across all sectors [1]. Additionally, CISA has launched the ReadySetCyber initiative to provide tailored technical assistance, services, and resources to critical infrastructure organizations [1] [2] [3] [4] [5]. The initiative is currently in a piloting phase, with plans for a formal launch by the end of the year to automate capabilities for faster information dissemination [1]. The Pre-Ransomware Notification Initiative has also sent out about 2,000 warnings to further enhance cybersecurity efforts [1].

Conclusion

The RVWP program has had a significant impact in securing vulnerable devices and driving timely mitigation efforts to protect critical infrastructure from ransomware attacks. With the adoption of the Cyber Hygiene Vulnerability Scanning service and other initiatives, organizations can reduce their exposure to ransomware vulnerabilities and enhance their cybersecurity posture. The future implications of these programs are promising, with increasing enrollment expected and plans for further automation to improve information dissemination and response times.

References

[1] https://www.meritalk.com/articles/easterly-touts-ransomware-warnings-teases-readysetcyber-pilot/
[2] https://www.infosecurity-magazine.com/news/vulnerable-devices-secured-cisa/
[3] https://opengovasia.com/2024/04/26/ransomware-resilience-navigating-threats-in-the-u-s-financial-sector/
[4] https://www.cisa.gov/news-events/news/cyber-hygiene-helps-organizations-mitigate-ransomware-related-vulnerabilities
[5] https://executivegov.com/2024/04/cisa-offers-update-on-ransomware-vulnerability-warning-pilot-program/