Reposted from CISA/DHS
Ransomware continues to evolve as a scourge on critical services, businesses, and communities worldwide, causing costly incidents that are increasingly destructive and disruptive. Based on recent industry reporting, it costs businesses an average of $1.85 million to recover from a ransomware attack.3 In addition, 80% of victims who paid a ransom were targeted and victimized again by these criminals.4 The economic, technical, and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, continue to pose a challenge for organizations large and small.
To directly reduce the attack surface and impact of ransomware attacks, the Cybersecurity and Infrastructure Security Agency’s (CISA) Ransomware Vulnerability Warning Pilot (RVWP) focuses on proactive risk reduction through direct communication with federal government, state, local, tribal, territorial (SLTT) government, and critical infrastructure entities to prevent threat actors from accessing and deploying ransomware on their networks. Aligned with the Joint Ransomware Task Force, this pilot provides timely notification to critical infrastructure organizations to mitigate vulnerabilities and protect their networks and systems by using existing services, data sources, technologies, and authorities.
A key service used for warning organizations of ransomware-related vulnerabilities is our Cyber Hygiene Vulnerability Scanning, which monitors internet connected devices for known vulnerabilities and is available to any organization. Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days. Because the service looks for exposed assets, whether planned or inadvertent, it identifies vulnerabilities that would otherwise go unmanaged. For its use in support of RVWP, it informs organizations of those vulnerabilities commonly associated with known ransomware exploitation.
See Original Post
