The US CISA announced earlier this week the creation of a new Ransomware Vulnerability Warning Pilot (RVWP) program.
Stemming from the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and coordinated by the Joint Ransomware Task Force (JRTF), the RVWP will see CISA assess flaws commonly associated with known ransomware exploitation.
After finding these vulnerabilities, CISA will warn the affected critical infrastructure entities, with the goal of enabling mitigation before a ransomware incident occurs. To identify entities exposed to these bugs, CISA will rely on various existing services, data sources, technologies, and authorities, including its Cyber Hygiene Vulnerability Scanning service.
The Agency confirmed it has already notified 93 organizations running instances of Microsoft Exchange Service about a previously exploited vulnerability called “ProxyNotShell.”
As per the CISA statement, ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target-rich, resource-poor entities like many school districts and hospitals. The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.
Security teams should treat a vulnerability identified through an external scan as an opportunity to break the find-and-fix loop: investigate what caused that vulnerability to reach production, how to find others like it, and how to prevent it in the future.