{"id":3052,"date":"2024-05-22T04:16:49","date_gmt":"2024-05-22T11:16:49","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=3052"},"modified":"2024-05-22T04:16:50","modified_gmt":"2024-05-22T11:16:50","slug":"cisas-ransomware-warning-program-sees-success","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/cisas-ransomware-warning-program-sees-success\/","title":{"rendered":"CISA\u2019s ransomware warning program sees success"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Ransomware attacks are a continual problem across various industries and organizations and can have a catastrophic impact on a company\u2019s reputation, finances, and technology. According to The State of Ransomware 2024 from Sophos<\/a>, a whopping 59% of organizations were targeted by ransomware last year. 
<\/p>\n\n\n\n\n\n\n\n

Now, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) has developed a free solution: the Ransomware Vulnerability Warning Pilot (RVWP).<\/p>\n\n\n\n

What is RVWP<\/h2>\n\n\n\n

RVWP<\/a> was a requirement of The Cyber Incident Reporting for Critical Infrastructure Act of 2022, launching afterwards in January 2023. Because ransomware attacks usually find success by targeting known technical vulnerabilities, the program’s main aim is to warn organizations of any vulnerabilities on their networks. By fixing these vulnerabilities before they can be exploited, the likelihood of an attack should be reduced significantly. 
<\/p>\n\n\n\n

According to CISA director Jen Easterly<\/a>, \u201cThe warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched.\u201d
<\/p>\n\n\n\n

CISA says it finds these vulnerabilities commonly associated with ransomware attacks by leveraging \u201cexisting authorities and technology, ” including CISA\u2019s Cyber Hygiene Vulnerability Scanning<\/a> service and the Administrative Subpoena Authority<\/a>. Once vulnerabilities are identified, it contacts system owners so that potential threats can be mitigated before they occur.<\/p>\n\n\n\n

Finding success<\/h2>\n\n\n\n

CISA has said that<\/a> organizations participating in RVWP \u201ctypically reduce their risk and exposure by 40% within the first 12 months, and most see improvements in the first 90 days.\u201d In 2023 alone, they sent 1,754 notifications to Internet-operating entities, and 49% of those successfully managed to mitigate attacks through patching, implementing a compensating control, or taking vulnerable devices offline.
<\/p>\n\n\n\n

Cyberscoop reports that you may not even need to be signed up to RVWP to be notified about a potential vulnerability. If a device turns up on an internet-scanning service like Shodan, CISA might contact the associated organization to let them know. <\/p>\n\n\n\n

The impact of ransomware<\/h2>\n\n\n\n

The consequences of a ransomware attack can\u2019t be understated. Recent findings<\/a> show that businesses of every size face can end up paying up to $1.85 million to recover from an attack, and companies are often revictimized by the same threat actors down the line. This sort of outcome is especially devastating to small businesses. 
Considering the threat ransomware poses to businesses, RVWP is promising program. But it\u2019s still only part of the solution. For more information on preventing ransomware attacks, check out our blog<\/a>.\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"

Ransomware attacks are a continual problem across various industries and organizations and can have a catastrophic impact on a company\u2019s reputation, finances, and technology. According to The State of Ransomware 2024 from Sophos, a whopping 59% of organizations were targeted by ransomware last year. <\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3052","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=3052"}],"version-history":[{"count":1,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3052\/revisions"}],"predecessor-version":[{"id":3053,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3052\/revisions\/3053"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=3052"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=3052"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=3052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}