CISA is worried that critical infrastructure is vulnerable to ransomware attacks

ransomware avast
(Image credit: Avast)

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is worried about critical infrastructure organizations being targeted by ransomware actors. 

To minimize the chances of that happening, the government body launched a new pilot program to help scan networks for bad actors, and help vulnerable firms fix their flaws before the problem escalates.

The program is called the “Ransomware vulnerability warning pilot” (RVWP), and it was officially launched on January 2023. 

Securing the perimeter

"As part of RVWP, CISA leverages existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks," the organization said. 

“Once CISA identifies these affected systems, our regional cybersecurity personnel notify system owners of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur."

Ever since the devastating attack on Colonial Pipeline, which happened in early May 2021, the United States government has been hard at work looking to protect its critical infrastructure and has started proactively targeting ransomware threat actors. 

The attack against Colonial Pipeline is considered the biggest cyberattack on an oil infrastructure organization in US history, as it disrupted oil and gas distribution in 17 states.

The group behind the attack was identified as DarkSide, and reports claim that Colonial Pipeline paid the ransom demand (approximately $4.4 million) in bitcoin just a few hours after the attack. Less than a month later, though, the US Department of Justice announced that they had seized almost all of the bitcoin used to pay the ransom (63.7 out of 75). But DarkSide still managed to steal at least 100GB of sensitive data. 

That same month, CISA released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET), helping businesses analyze how prepared they are for a ransomware scenario. Later that year, CISA published additional guidance, helping at-risk organizations tackle the growing problem of ransomware attacks.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.