CISA unveils ransomware warning pilot for critical infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) on Monday unveiled an effort that will collect data about commonly exploited vulnerabilities in ransomware attacks and alert critical infrastructure operators of the risks.

The Ransomware Vulnerability Warning Pilot launched Jan. 30 and was mandated under the sweeping cyber incident reporting legislation President Joe Biden signed into law last year.

The program “will identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies, and authorities,” according to CISA.

The agency said the pilot had already notified 93 entities of “ProxyNotShell” — a dangerous group of vulnerabilities impacting Microsoft Exchange Server software.

“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement.

The new warning program will allow CISA “to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations,” he added.

The effort will be coordinated by the Joint Ransomware Task Force, which was also created by the incident reporting legislation and is co-led by CISA and the FBI.