CISA’s ransomware warnings helped patch 852 vulnerabilities


The US Cybersecurity and Infrastructure Security Agency (CISA) sent 1,754 ransomware vulnerability warnings last year. In 852 cases (49%), the notified organizations patched the vulnerable device, applied a compensating control, or took it offline.

CISA established the Ransomware Vulnerability Warning Pilot (RVWP) to reduce risk proactively: it directly notifies government and critical infrastructure entities that are exposing vulnerabilities ransomware actors are known to exploit, before those actors can use them to gain access and deploy ransomware on the organizations' networks.

Last year, RVWP completed 1,754 notifications to organizations operating an internet-accessible vulnerable device.


“Our findings indicated that 852 of the 1,754 notifications (49%) of vulnerable devices were either patched, implemented a compensating control, or taken offline after notification from CISA,” the press release reads.

CISA did not say why the remaining 902 notifications (51%) showed no such remediation.

Most notifications were sent to government and education facilities (641), followed by healthcare and public health institutions (440) and energy (173).

“The RVWP program enables organizations from all critical infrastructure sectors to harden their networks with respect to the vulnerabilities that ransomware gangs are known to use. As a result, it reduces the effectiveness of ransomware gang tools and procedures,” CISA said.

CISA offers a no-cost Cyber Hygiene Vulnerability Scanning service that monitors internet-connected devices for known vulnerabilities and is available to any organization. It looks for exposed assets online and identifies vulnerabilities that would otherwise go unmanaged.

According to CISA, participants typically reduce their risk and exposure by 40% within the first 12 months.

Cyber Hygiene Vulnerability Scanning covers more than 7,600 organizations across all sectors and has identified more than three million known vulnerabilities for participants since 2022, according to CISA.

The agency urges other organizations to enroll at no cost, review the provided checklist and other tools, and always report observed ransomware activity.
