Security Experts:

Connect with us

Hi, what are you looking for?



CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks

A new CISA pilot program to warn critical infrastructure organizations if their systems are unpatched against vulnerabilities exploited in ransomware attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has launched a pilot program to warn critical infrastructure organizations if their systems contain vulnerabilities that may be exploited in ransomware attacks.

The new Ransomware Vulnerability Warning Pilot (RVWP), which kicked off on January 30, is meant to help those organizations that might be unaware that a vulnerability targeted by ransomware groups is lurking in their networks.

When such a security defect is identified, CISA’s regional cybersecurity personnel notify the impacted entity via phone or email, so that the issue can be resolved before it’s exploited.

According to CISA, the RVWP uses ‘existing authorities and technology’ to proactively discover information systems affected by flaws known to be exploited in ransomware attacks.

“CISA accomplishes this work by leveraging its existing services, data sources, technologies, and authorities, including CISA’s Cyber Hygiene Vulnerability Scanning service and the Administrative Subpoena Authority granted to CISA under Section 2209 of the Homeland Security Act of 2002,” the agency says.

CISA also notes that, as per the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), critical infrastructure entities are required to report cyberattacks and ransom payments. CIRCIA also mandates that CISA proactively identifies systems vulnerable to ransomware attacks.

The notifications sent to vulnerable entities will include details about the vulnerable system, including manufacturer and model, the IP address in use, how the vulnerability was detected, and guidance on how to address the issue.

“Receiving a notification through CISA RVWP is not indicative of a compromise. However, it does indicate you are at risk and the information system requires immediate remediation,” CISA notes.

The notified entities are not required to comply with the provided recommendations.

Over the past several years, CISA and other US government agencies have been warning of the threat posed by various ransomware families, providing organizations with specific details to help them improve their detection capabilities.

Since November 2021, through its Known Exploited Vulnerabilities (KEV) catalog, CISA has been warning public and private organizations about the active exploitation of hundreds of security flaws in popular software, urging them to address those issues in a timely manner.

Related: Watch Sessions: Ransomware Resilience & Recovery Summit

Related: Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List

Related: Organizations Warned of Royal Ransomware Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems.


Dole was forced to shut down systems in North America due to a ransomware attack, which has reportedly led to salad shortages in some...


The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.