CISA unveils ransomware warning pilot for critical infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) on Monday unveiled an effort that will collect data about vulnerabilities commonly exploited in ransomware attacks and alert critical infrastructure operators to the risks.
The program “will identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies, and authorities,” according to CISA.
The agency said the pilot had already notified 93 entities of “ProxyNotShell” — a dangerous group of vulnerabilities impacting Microsoft Exchange Server software.
“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement.
The new warning program will allow CISA “to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations,” he added.
The effort will be coordinated by the Joint Ransomware Task Force, which was also created by the incident reporting legislation and is co-led by CISA and the FBI.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.