The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks. 

CISA released this information as part of its Ransomware Vulnerability Warning Pilot (RVWP) program, established in January of this year, when it announced that it would warn critical infrastructure orgs of ransomware-vulnerable devices discovered on their network.

Since its inception, CISA's RVWP has identified and shared details of over 800 vulnerable systems with internet-accessible vulnerabilities frequently targeted by various ransomware operations. 

"Ransomware has disrupted critical services, businesses, and communities worldwide and many of these incidents are perpetrated by ransomware actors using known common vulnerabilities and exposures (CVE) (i.e., vulnerabilities)," the U.S. cybersecurity agency said.

"However, many organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network.

"Now, all organizations have access to this information in our known exploited vulnerabilities (KEV) catalog as we added a column titled, 'known to be used in ransomware campaigns.' Furthermore, CISA has developed a second new RVWP resource that serves as a companion list of misconfigurations and weaknesses known to be used in ransomware campaigns."

The Ransomware Vulnerability Warning Pilot enhances our Known Exploited Vulnerabilities catalog by identifying vulns associated w/ransomware. The pilot offers a list of misconfigurations & weaknesses known to be used in ransomware campaigns. Learn more: https://t.co/hhLAhDwofs pic.twitter.com/80reUWDEnW

— Cybersecurity and Infrastructure Security Agency (@CISAgov) October 12, 2023

This effort is part of a broader campaign launched in response to the escalating ransomware threat to critical infrastructure that emerged nearly two years ago with a wave of cyberattacks targeting vital infrastructure entities and U.S. government agencies, including those of Colonial Pipeline, JBS Foods, and Kaseya.

In June 2021, the agency introduced the Ransomware Readiness Assessment (RRA), a new component of its Cyber Security Evaluation Tool (CSET) designed to help organizations evaluate their preparedness to thwart and recover from ransomware attacks.

By August 2021, CISA also released guidance to assist vulnerable government and private sector entities in preventing data breaches resulting from ransomware incidents.

Furthering its commitment, CISA established an alliance with the private sector to safeguard critical U.S. infrastructure from ransomware and other cyber threats. This joint endeavor, the Joint Cyber Defense Collaborative (JCDC), embodies the collective response strategy of all federal agencies and private sector organizations that joined the partnership. 

Since then, the U.S. cybersecurity agency also launched a dedicated online portal, StopRansomware.gov, which serves as a central hub for CISA's effort to provide all the info defenders need to prepare and mitigate ransomware attacks.

Earlier this year, CISA ordered federal agencies to secure their Internet-exposed network devices, and, in a joint advisory with the FBI and the NSA, it revealed a list of the 12 most exploited vulnerabilities in 2022.