The Ransomware Vulnerability Warning Pilot (RVWP), a free program from the US government’s Cybersecurity and Infrastructure Security Agency (CISA) that aims to help businesses reduce the chances of catching ransomware, has been such a success that it will see a wider launch soon.
Currently in the pilot stage, RVWP works by notifying member organizations of vulnerabilities in the software they use, and which ransomware groups are actively exploiting.
In a blog post, CISA said that through RVWP, more than 1,700 notifications were sent out last year. Roughly half (49%) of the threats were then mitigated through patching, pulling vulnerable endpoints off the internet, or various workarounds.
Pilot ending by 2025
“Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days,” CISA said.
The pilot program is free and available for everyone who wants to participate.
CISA also says that it is capable of notifying even those organizations who are not rolled in, as long as their vulnerable servers can be found, and identified, on search engines such as Shodan. Ultimately, if the identity of the vulnerable organization is hidden, CISA can issue a subpoena to notify them of the risk.
Currently, more than 7,600 organizations are signed up, CISA concluded.
The pilot is expected to conclude by the end of the year, after which it should become fully operational. “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” CISA Director Jen Easterly told CyberScoop.
With ransomware threats constantly rising, and evolving to become more dangerous by the day, these types of programs can make plenty of difference.
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews