CISA Reveals Ransomware Gang Targeted Vulnerabilities and Misconfigurations

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed additional information about the security flaws and misconfigurations that ransomware gangs exploit. The agency aims to assist critical infrastructure organizations in defending against these attacks.

CISA shared this data as part of its Ransomware Vulnerability Warning Pilot (RVWP) program, initiated in January of this year. This program was created to notify critical infrastructure organizations about devices within their networks that are susceptible to ransomware attacks.

Since its launch, CISA’s RVWP has identified and provided details on over 800 vulnerable systems with internet-accessible weaknesses frequently targeted by various ransomware operations.

Ransomware attacks have disrupted critical services, businesses, and communities worldwide, and many of these incidents are carried out by ransomware actors who exploit well-known security vulnerabilities (CVEs). However, many organizations might not be aware that these vulnerabilities are present on their networks.

To address this, CISA has made this information available to all organizations through its Known Exploited Vulnerabilities (KEV) catalog, which includes a column titled “known to be used in ransomware campaigns.” Additionally, CISA has introduced a new RVWP resource that lists misconfigurations and weaknesses commonly exploited in ransomware campaigns.

This initiative is part of a broader effort to combat the increasing threat of ransomware to critical infrastructure. This threat emerged nearly two years ago with a series of cyberattacks targeting vital infrastructure entities and U.S. government agencies, including Colonial Pipeline, JBS Foods, and Kaseya.

In June 2021, CISA introduced the Ransomware Readiness Assessment (RRA), a component of its Cyber Security Evaluation Tool (CSET) designed to help organizations assess their readiness to prevent and recover from ransomware attacks. By August 2021, CISA had issued guidance to help government and private sector entities prevent data breaches resulting from ransomware incidents.

CISA’s commitment to addressing this threat also led to the establishment of the Joint Cyber Defense Collaborative (JCDC), a partnership with the private sector to protect critical U.S. infrastructure from ransomware and other cyber threats. The agency later launched the online portal, serving as a central resource for defenders seeking information to prepare for and mitigate ransomware attacks.

Earlier this year, CISA directed federal agencies to secure their Internet-exposed network devices and, in collaboration with the FBI and NSA, published a list of the 12 most commonly exploited vulnerabilities in 2022.