CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs

Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency (CISA) and urged to implement a fix.

A pilot program to strengthen critical infrastructure against ransomware

“CISA leverages multiple open-source and internal tools to research and detect vulnerabilities within U.S. critical infrastructure,” the agency explained in the formal announcement of its Ransomware Vulnerability Warning Pilot (RVWP).

“CISA additionally leverages commercial tools to identify organizations that may be at heightened cybersecurity risk. Once CISA identifies these affected systems, our regional cybersecurity personnel notify system owners of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur.”

Critical infrastructure operators are notified about the vulnerabilities either via email or phone, and the notifications include information on the vulnerable system/device’s manufacturer and model, its IP address, information on how CISA detected the vulnerability, and guidance for mitigating the vulnerability.

The agency notes that receiving a notification does not mean that the system/device in question has been compromised, but that by fixing the found vulnerabilities, organizations can “significantly reduce their likelihood of experiencing a ransomware event.” Unfortunately, though, the recipient organization is not required to institute any of the provided recommendations.

Other available resources

The program was started on January 30, 2023, and has been mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). It will be coordinated by the Joint Ransomware Task Force (JRTF).

“CISA recently initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called ‘ProxyNotShell,’ which has been widely exploited by ransomware actors. This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations,” the agency noted.

CISA’s Stop Ransomware portal offers additional resources for organizations hit by ransomware and those who want to avoid getting hit by it.

Other free services and tools offered by the agency can help organizations defend themselves against ransomware and other types of cyber attacks.
