The Cybersecurity and Infrastructure Security Agency launched a pilot program to warn critical infrastructure providers of potential ransomware attacks as threats to key industries have grown in recent years.
The Joint Ransomware Task Force is coordinating the program, called the Ransomware Vulnerability Warning Pilot, actively warning organizations about internet-accessible vulnerabilities linked to known threat actors.
CISA launched the program by notifying 93 organizations that were identified as running instances of ProxyNotShell, the agency said.
“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities, like many school districts and hospitals,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in the announcement. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”
The RVWP was authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022, the agency said. CISA is leveraging cyber hygiene scanning technology, and regional officials are notifying organizations they may be vulnerable to attack.
Katell Thielemann, VP analyst at Gartner, said the early warning program recognizes that ransomware threats to critical infrastructure providers has become an issue of national security for the U.S. and the effort is designed to help vulnerable targets get ahead of potential security attacks they cannot always detect.
“Many of these systems have been neglected historically from a security standpoint, and extortionists know that finding a way to force organizations to halt operations can compel them to pay,” Thielemann said via email.
Correction: This article has been updated to correct a quote from Gartner’s Katell Thielemann.