February Subscriber Exclusives address security

CISA establishes Ransomware Vulnerability Warning Pilot program

March 14, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) announced the establishment of the Ransomware Vulnerability Warning Pilot (RVWP) as authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022. CISA will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities of those vulnerabilities, enabling mitigation before a ransomware incident occurs through the RVWP.

Organizations across all sectors and of all sizes are too frequently impacted by damaging ransomware incidents often perpetrated by cyber threat actors using known vulnerabilities. By urgently fixing these vulnerabilities, organizations can significantly reduce their likelihood of experience a ransomware event. However, most organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network.

The RVWP will identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies, and authorities, including our free Cyber Hygiene Vulnerability Scanning service. CISA notifications will contain key information regarding the vulnerable system, such as the manufacturer and model of the device, the IP address in use, how CISA detected the vulnerability, and guidance on how the vulnerability should be mitigated.

For more information on RVWP and other available resources for ransomware protection, detection, and response, all organizations are encouraged to visit, a whole-of-government approach for ransomware resources and alerts.