CISA is rolling out its ransomware warning program soon

News
By Sead Fadilpašić
published

More help against ransomware is on the way

security
(Image credit: Shutterstock / binarydesign)

The Ransomware Vulnerability Warning Pilot (RVWP), a free program from the US government's Cybersecurity and Infrastructure Security Agency (CISA) that aims to help businesses reduce the chances of catching ransomware, has been such a success that it will see a wider launch soon. 

Currently in the pilot stage, RVWP works by notifying member organizations of vulnerabilities in the software they use, and which ransomware groups are actively exploiting.

In a blog post, CISA said that through RVWP, more than 1,700 notifications were sent out last year. Roughly half (49%) of the threats were then mitigated through patching, pulling vulnerable endpoints off the internet, or various workarounds.

Pilot ending by 2025

“Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days,” CISA said.

The pilot program is free and available for everyone who wants to participate.

CISA also says that it is capable of notifying even those organizations who are not rolled in, as long as their vulnerable servers can be found, and identified, on search engines such as Shodan. Ultimately, if the identity of the vulnerable organization is hidden, CISA can issue a subpoena to notify them of the risk.

Currently, more than 7,600 organizations are signed up, CISA concluded.

The pilot is expected to conclude by the end of the year, after which it should become fully operational. “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” CISA Director Jen Easterly told CyberScoop

With ransomware threats constantly rising, and evolving to become more dangerous by the day, these types of programs can make plenty of difference.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.