CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware

CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks.

CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks.

The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations exploited in these attacks.

As part of its Ransomware Vulnerability Warning Pilot (RVWP) program launched in March, the agency has released two new resources to help organizations identify and eliminate security flaws and weaknesses known to be exploited by ransomware groups.

“Through the RVWP, CISA determines vulnerabilities that are commonly associated with known ransomware exploitation and warns critical infrastructure entities with those vulnerabilities, helping to enable mitigation before a ransomware incident occurs,” CISA notes.

The first of these resources is a new column in the Known Exploited Vulnerabilities catalog, which flags flaws that CISA is aware of being associated with ransomware campaigns.

The catalog lists more than 1,000 vulnerabilities for which CISA has solid evidence of in-the-wild exploitation, many of which have been targeted in ransomware attacks.

One of the most recent examples of such flaws is CVE-2023-40044, a deserialization of untrusted data bug in Progress Software’s WS_FTP server that could lead to the execution of remote commands on the underlying operating system.

The other new resource CISA is offering now is a new table on the StopRansomware project’s website, which lists information on the misconfigurations and weaknesses that ransomware operators have been observed targeting in their attacks.

For each issue, the table also provides information on the Cyber Performance Goal (CPG) actions that organizations can take as part of their mitigation or compensation efforts.

Advertisement. Scroll to continue reading.

“These two new resources will help organizations become more cybersecure by providing mitigations that protect against specific KEVs, misconfigurations, and weaknesses associated with ransomware,” CISA notes.

According to CISA, its RVWP has identified more than 800 vulnerable systems to date, within the networks of organizations in the energy, education facilities, healthcare and public health, and water systems industries.

“Ransomware has disrupted critical services, businesses, and communities worldwide and many of these incidents are perpetrated by ransomware actors using known common vulnerabilities and exposures. However, many organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network,” CISA notes.

The agency encourages all organizations to take action to reduce the risk of ransomware by reviewing the available resources. Critical infrastructure entities are encouraged to enroll in CISA’s vulnerability scanning service to receive targeted notifications.

Related: US Government Releases Security Guidance for Open Source Software in OT, ICS

Related: CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability

Related: Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA

Related Content

Data Breaches

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.


The Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched.


The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

Data Breaches

Auction house Christie's says the data breach caused by the recent ransomware attack impacts the information of 45,000 individuals.

Data Breaches

Frontier Communications is notifying over 750,000 individuals that their personal information was stolen in a recent data breach.


A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled.


The FBI has obtained more than 7,000 LockBit ransomware decryption keys and is urging victims to get in touch with its IC3.


Mandiant saw an increase in ransomware activity in 2023 compared to 2022, including a 75% increase in posts on data leak sites.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version