CISA Launches Anti-Ransomware Alert System for Exploitable Vulnerabilities

Date:

March 14, 2023

World map

CISA has launched a pilot program to identify known vulnerabilities in critical infrastructure networks that could be exploited by ransomware operators to infect systems and exfiltrate victim data for extortion.

The Ransomware Vulnerability Warning Pilot (RVWP) is designed to alert critical infrastructure operators of vulnerable systems as required by the recent Cyber Incident Reporting for Critical Infrastructure Act of 2022.  

“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals” said Eric Goldstein, executive assistant director for cybersecurity at CISA, as reported by CyberScoop.  

“The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”

Takeaway: Threat actors have been actively probing networks for exploitable vulnerabilities for decades, so the RVWP program that CISA announced is a good idea. Researchers doing analysis using tools like Shodan have demonstrated numerous times that there is an incredible number of insecure and exploitable internet-connected devices out there, and the high number in the critical infrastructure space has always been concerning.  

Identifying all assets in a network - especially the vulnerable ones - is just the first step in mounting a reasonable defense posture that will be resilient in the case of a serious security event, like a ransomware attack. Even then, organizations still need to prioritize implementing their own multi-layered resilience capabilities:

  • Endpoint Protection (EPP): Deploy an anti-ransomware solution alongside existing Endpoint Protection Platforms (EPP/DR/XDR) to bridge the gaps in ransomware-specific coverage
  • Patch Management: Keep all software and operating systems up to date and patched
  • Data Backups: Assure critical data is backed up offsite and protected from corruption in the case of a ransomware attack
  • Access Control: Implement network segmentation and policies of least privilege (Zero Trust)
  • Awareness: Implement an employee awareness program to educate against risky behaviors, phishing techniques, etc.
  • Resilience Testing: Regularly test solutions against simulated ransomware attacks to assure effective detection, prevention, response, and full recovery of targeted systems
  • Procedure Testing: Plan and prepare for failure by running regular tabletop exercises and ensuring all stakeholders are ready and available to respond to an attack at all times

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.