The Cybersecurity and Infrastructure Security Agency (CISA) announced Monday a pilot program designed to help critical infrastructure entities find and fix exploitable vulnerabilities before they lead to a ransomware incident.
The Ransomware Vulnerability Warning Pilot will allow CISA to “determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities,” the agency said in a press release announcing the program.
CISA said it will use its Cyber Hygiene vulnerability scanning service to find internet-accessible vulnerabilities commonly exploited by ransomware actors and notify the affected organizations. The agency said it has already alerted 93 organizations running outdated Microsoft Exchange Server versions affected by the “ProxyNotShell” vulnerabilities (CVE-2022-41040 and CVE-2022-41082). Threat actors have exploited the flaws to access “emails on an organization’s server and … plant malware on an Exchange server,” according to Kroll’s “Q4 2022 Threat Landscape Report.”
Microsoft published mitigation steps for the vulnerabilities when they were disclosed in September 2022, before shipping patches in its November 2022 security updates.
The pilot program was authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which empowers CISA to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to the agency.
“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target-rich, resource-poor entities like many school districts and hospitals,” said Eric Goldstein, executive assistant director for cybersecurity at CISA, in the agency’s release. “The [program] will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”