CISA ransomware warning program will launch this year

The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, is rolling out a program that warns organizations about potential ransomware attacks, CyberScoop reports. The program is currently running as a pilot and will be fully operational by the end of 2024. About 7,000 organizations have signed up for the pilot.

So far, CISA has issued 2,049 warnings since the pilot was launched in January 2023. “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” CISA Director Jen Easterly told CyberScoop. To get alerts, organizations need to sign up for CISA’s cyber hygiene scanning tool.

According to CISA’s FAQ page for the program, the tool “[e]valuates external network presence by executing continuous scans of public, static IPv4s for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.” Easterly added that CISA will also occasionally use its administrative subpoena power to identify the points of contact for organizations that haven’t signed up for its services and alert them about vulnerabilities it’s found on their internet-facing devices.

Ransomware attacks are on the rise. The number of victims reported by ransomware leak sites increased by 49 percent from 2022 to 2023, according to an analysis earlier this year by one threat intelligence firm. Nearly half of those victims were in the US, the analysis found. The most affected industries were manufacturing, professional and legal services, and high tech. The report also identified 25 sites that offered ransomware as a service, though at least five of those appear to have shut down.