The US Cybersecurity and Infrastructure Security Agency has launched the Ransomware Vulnerability Warning Pilot (RVWP) program that will proactively track common vulnerabilities being exploited by ransomware gangs, and warn exposed critical infrastructure entities of the risks to help them mitigate the threat before a cyberattack occurs.
The anti-ransomware project started out by alerting 93 organizations open to the Microsoft Exchange Service “ProxyNotShell” vulnerability that has been observed being exploited by operators of the Play and Cuba ransomware. As of January 2023, there were nearly 60,000 Exchange Server instances still vulnerable to the ProxyNotShell flaws.
“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”