The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has launched a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks.
Ransomware Vulnerability Warning Pilot (RVWP) program aims to scan critical infrastructure entities’ networks for Internet-exposed systems with vulnerabilities that ransomware attackers often exploit to breach networks and help vulnerable organizations fix the flaws before they get hacked.
This is part of a broader effort to fend off the escalating ransomware threat that started almost two years ago after a barrage of cyberattacks targeting critical infrastructure organizations and U.S. government agencies.
CISA has been taking several measures to combat the growing ransomware threat. In June 2021, the agency released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET) to help organizations assess their readiness to prevent and recover from ransomware attacks.
Two months later, in August 2021, CISA published guidance to help at-risk government and private sector organizations prevent ransomware data breaches. The list of best practices was released in response to multiple ransomware gangs using data stolen from victims in double extortion schemes where they threatened to leak the stolen info on their dedicated leak site, a tactic now adopted by most ransomware operations.
In addition to the RVWP program, CISA launched a new partnership in August 2021 known as the Joint Cyber Defense Collaborative (JCDC). The JCDC has brought together federal agencies, state and local governments, and private sector organizations to create cyber defense plans for resilience against malicious cyber activity targeting critical infrastructure.
Several private sector partners such as Microsoft, Google Cloud, Amazon Web Services, and government organizations like the Defense Department, the NSA, the Justice Department, and the FBI are enlisted in the JCDC.
CISA has also launched a dedicated portal to provide all the resources needed to prepare, defend against, and block ransomware attacks, including the tools needed to report ransomware incidents and request technical assistance.
