CISA’s ransomware warning program sees success

Ransomware remains a persistent problem across industries and organizations, and a successful attack can have a catastrophic impact on a company's reputation, finances, and operations. According to Sophos's The State of Ransomware 2024, 59% of surveyed organizations were hit by ransomware in the past year.

The US government's Cybersecurity and Infrastructure Security Agency (CISA) now runs a free program aimed squarely at that problem: the Ransomware Vulnerability Warning Pilot (RVWP).

What is RVWP?

RVWP was authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and launched in January 2023. Because ransomware operators usually gain their initial foothold by exploiting known vulnerabilities in internet-facing devices, the program's main aim is to warn organizations when such vulnerabilities are visible on their networks. Fixing those vulnerabilities before they are exploited should significantly reduce the likelihood of a successful attack.

According to CISA director Jen Easterly, “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched.”

CISA says it finds vulnerabilities commonly associated with ransomware attacks by leveraging "existing authorities and technology," including its Cyber Hygiene Vulnerability Scanning service and its administrative subpoena authority (which lets it identify the owner of a vulnerable internet-facing system). Once a vulnerability is identified, CISA notifies the system owner so that it can be mitigated before an attacker exploits it.
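As an added illustration (not code from CISA or from the original article): the public marker for "commonly associated with ransomware" is the knownRansomwareCampaignUse field in CISA's Known Exploited Vulnerabilities (KEV) JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), so an organization does not have to wait for a notification to run the same kind of check against its own list of internet-facing assets. The script below uses the feed's real field names but a constructed three-record sample and a constructed inventory with placeholder vendors and hostnames; the exact vendor-and-product matching rule is a simplification of what real asset data would need.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The field names are
# the feed's real ones; the three records are made up for this example and are
# not real catalog entries.
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed sample",
    "catalogVersion": "example",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
         "product": "Edge Gateway",
         "vulnerabilityName": "ExampleVendor Edge Gateway authentication bypass",
         "dateAdded": "2023-11-01", "shortDescription": "constructed",
         "requiredAction": "Apply vendor update.", "dueDate": "2023-11-22",
         "knownRansomwareCampaignUse": "Known", "notes": ""},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
         "product": "Edge Gateway",
         "vulnerabilityName": "ExampleVendor Edge Gateway information disclosure",
         "dateAdded": "2024-02-10", "shortDescription": "constructed",
         "requiredAction": "Apply vendor update.", "dueDate": "2024-03-02",
         "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor",
         "product": "File Transfer Server",
         "vulnerabilityName": "OtherVendor File Transfer Server SQL injection",
         "dateAdded": "2024-05-15", "shortDescription": "constructed",
         "requiredAction": "Apply vendor update.", "dueDate": "2024-06-05",
         "knownRansomwareCampaignUse": "Known", "notes": ""},
    ],
})

# Constructed inventory of internet-facing assets; hostnames are placeholders.
SAMPLE_INVENTORY = [
    {"host": "vpn.example.test", "vendor": "ExampleVendor", "product": "Edge Gateway"},
    {"host": "mft.example.test", "vendor": "OtherVendor", "product": "File Transfer Server"},
    {"host": "www.example.test", "vendor": "SomeVendor", "product": "Web CMS"},
]


def parse_kev(text):
    """Return the list of vulnerability records from a KEV-format JSON document."""
    return json.loads(text)["vulnerabilities"]


def ransomware_entries(entries):
    """Keep only records CISA has flagged as used in known ransomware campaigns."""
    return [e for e in entries if e.get("knownRansomwareCampaignUse") == "Known"]


def _matches(entry, asset):
    """Case-insensitive exact vendor/product match between a KEV record and an asset."""
    return (entry["vendorProject"].lower() == asset["vendor"].lower()
            and entry["product"].lower() == asset["product"].lower())


def triage(kev_text, inventory, as_of):
    """Map each inventory asset to the ransomware-linked KEVs that affect it.

    `as_of` is an ISO date string. Returns a sorted list of
    (host, cveID, overdue) tuples, where overdue means the KEV due date
    had already passed on `as_of`.
    """
    today = date.fromisoformat(as_of)
    findings = []
    for entry in ransomware_entries(parse_kev(kev_text)):
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if _matches(entry, asset):
                findings.append((asset["host"], entry["cveID"], today > due))
    return sorted(findings)


if __name__ == "__main__":
    for host, cve, overdue in triage(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2024-06-01"):
        print(f"{host}: {cve} {'OVERDUE' if overdue else 'due soon'}")
```

Against the sample, the information-disclosure record is dropped because it is not ransomware-flagged, the gateway finding is reported as overdue, and the file-transfer finding is reported as still within its due date. In practice the inventory would come from an external attack-surface scan rather than a hand-written list, and the real feed should be fetched fresh rather than embedded.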

Finding success

CISA has said that organizations participating in RVWP "typically reduce their risk and exposure by 40% within the first 12 months, and most see improvements in the first 90 days." In 2023 alone, CISA sent 1,754 notifications to entities running vulnerable internet-facing devices, and in 49% of those cases the vulnerability was remediated by patching, implementing a compensating control, or taking the vulnerable device offline.

Cyberscoop reports that an organization does not even need to be enrolled in RVWP to be notified about a potential vulnerability. If a vulnerable device turns up in an internet-scanning service such as Shodan, CISA may contact the owning organization to let it know.

The impact of ransomware

The consequences of a ransomware attack can't be overstated. Recent findings show that businesses of every size can end up paying up to $1.85 million to recover from an attack, and companies are often revictimized by the same threat actors later on. This sort of outcome is especially devastating to small businesses.
Considering the threat ransomware poses to businesses, RVWP is a promising program. But it is still only part of the solution: a warning only helps if the organization can act on it quickly, and CISA's own 2023 figures show that roughly half of the notified vulnerabilities went unremediated. For more information on preventing ransomware attacks, check out our blog.
