CISA’s early-warning system helped critical orgs close 852 ransomware holes – Source: go.theregister.com

Interview As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place.

The US government’s cybersecurity nerve center launched its Ransomware Vulnerability Warning Pilot scheme in January 2023, and during its first year the system sent out 1,754 notifications to entities operating internet-accessible vulnerable devices. The idea being that those orgs shut the identified holes ASAP to avoid being held to ransom.

“We proactively look for these vulnerabilities, and make notifications to critical infrastructure organizations to let them know that the vulnerabilities in question are being exploited by ransomware threat groups, and that they should remediate those vulnerabilities as soon as possible,” Gabe Davis, CISA’s acting risk intelligence and operations section chief, told The Register in an interview you can watch below.

Youtube Video

According to the Homeland Security agency almost half (852, or 49 percent) of these notifications resulted in organizations either patching, taking systems briefly offline to fix the issue, or in some other way mitigating exploitable flaws.

The pilot program came out of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) that President Biden signed into law in March 2022. It’s set to launch as a fully automated warning system by the end of next year.

This is one of the many tools CISA offers to Americans to help them combat ransomware and other cyber threats, according to Davis.

“In the spirit of NBA playoff season, I’m going to use the analogy of a full-court press,” he said. “We’re going to continue doing all the things to try to impact the capability of these threat actors to operate and make it financially and operationally difficult for them to execute on these organizations.” ®