The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations exploited in these attacks.
As part of its Ransomware Vulnerability Warning Pilot (RVWP) program launched in March, the agency has released two new resources to help organizations identify and eliminate security flaws and weaknesses known to be exploited by ransomware groups.
“Through the RVWP, CISA determines vulnerabilities that are commonly associated with known ransomware exploitation and warns critical infrastructure entities with those vulnerabilities, helping to enable mitigation before a ransomware incident occurs,” CISA notes.
The first of these resources is a new column in the Known Exploited Vulnerabilities catalog, which flags flaws that CISA is aware of being associated with ransomware campaigns.
The catalog lists more than 1,000 vulnerabilities for which CISA has solid evidence of in-the-wild exploitation, many of which have been targeted in ransomware attacks.
One of the most recent examples of such flaws is CVE-2023-40044, a deserialization of untrusted data bug in Progress Software’s WS_FTP server that could lead to the execution of remote commands on the underlying operating system.
The other new resource CISA is offering now is a new table on the StopRansomware project’s website, which lists information on the misconfigurations and weaknesses that ransomware operators have been observed targeting in their attacks.
For each issue, the table also provides information on the Cyber Performance Goal (CPG) actions that organizations can take as part of their mitigation or compensation efforts.
“These two new resources will help organizations become more cybersecure by providing mitigations that protect against specific KEVs, misconfigurations, and weaknesses associated with ransomware,” CISA notes.
According to CISA, its RVWP has identified more than 800 vulnerable systems to date, within the networks of organizations in the energy, education facilities, healthcare and public health, and water systems industries.
“Ransomware has disrupted critical services, businesses, and communities worldwide and many of these incidents are perpetrated by ransomware actors using known common vulnerabilities and exposures. However, many organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network,” CISA notes.
The agency encourages all organizations to take action to reduce the risk of ransomware by reviewing the available resources. Critical infrastructure entities are encouraged to enroll in CISA’s vulnerability scanning service to receive targeted notifications.