Ransomware Resilience – Utilize CISA’s Ransomware Vulnerability Warning Pilot (RVWP)

In a recent blog post, CISA staff drew awareness to CISA’s Ransomware Vulnerability Warning Pilot (RVWP), a tool used to proactively reduce risk through direct communication with federal government, state, local, tribal, territorial (SLTT) government, and critical infrastructure entities to help combat ransomware. Aligned with the Joint Ransomware Task Force, this pilot provides timely notification to critical infrastructure organizations to mitigate vulnerabilities and protect their networks and systems by using existing services, data sources, technologies, and authorities.   

A key service used for warning organizations of ransomware-related vulnerabilities is CISA’s Cyber Vulnerability Scanning, which monitors internet connected devices for known vulnerabilities and is available to any organization. Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days. WaterISAC supports CISA’s vulnerability scanning initiative and recently held WaterISAC’s April Cyber Resilience Briefing – If You Could Only Do One Thing: CISA’s Vulnerability Scanning Service for Water and Wastewater Utilities.

For calendar year 2023, RVWP completed 10 notifications to water and wastewater entities operating an internet-accessible vulnerable device. Following notification of the vulnerabilities, CISA regularly conducts vulnerability scans to determine whether the entities appear to have mitigated their vulnerable devices. Their findings indicate that roughly half of the notifications of vulnerable devices were either patched, implemented a compensating control, or taken offline after notification from CISA.

Giving organizations an opportunity to mitigate known vulnerabilities on their internet exposed devices also significantly helps organizations reduce their likelihood of a cyber incident. WaterISAC joins CISA in urging organizations to take the following actions to help #StopRansomware:

• Enroll in the no-cost CISA Cyber Hygiene Vulnerability Scanning, it’s not just about pinpointing vulnerabilities; it’s helping organizations raise their cybersecurity posture and reduce business risk.
• Review the #StopRansomware Guide, which includes a valuable and very useful checklist on how to respond to a ransomware incident and protect your organization.  
• Always report observed ransomware activity, including indicators of compromise and tactics, techniques, and procedures (TTPs), to CISA and our federal law enforcement partners. 

For more information, visit CISA.