Dive Brief:
- The Cybersecurity and Infrastructure Security Agency’s pre-ransomware notification initiative, which aims to reduce risk by alerting organizations to early-stage ransomware activity, resulted in more than 1,200 pre-ransomware notifications in 2023.
- The federal agency’s effort had a busy and productive first year in operation, including 294 alerts that were also shared with 27 partner countries, according to CISA’s 2023 year in review.
- Notifications were sent to more than 100 K-12 school districts and colleges, respectively, and more than 150 U.S. healthcare organizations. Other sectors that received alerts include organizations in emergency services, water and wastewater, transportation, energy, and state and local government.
Dive Insight:
The earlier an organization is aware of potential ransomware activity, the more likely it is to stop or limit the impact of an attack.
CISA’s Joint Cyber Defense Collaborative gathers tips from cybersecurity researchers, infrastructure providers and threat intelligence firms to notify victims of early-stage ransomware activity.
Federal cyber authorities alerted 60 entities across multiple critical infrastructure sectors of potential pre-ransomware intrusions during the first quarter of 2023 and significantly ramped up notification activity throughout the remainder of the year.
The agency's work with ransomware doesn't stop at alerts. CISA helped a Fortune 500 company that was hit with a $60 million ransomware attack in February establish a CISO position and identify areas to improve its IT infrastructure and security controls.
The agency said it also helped a mass transit operator prevent a $350 million ransomware attack on critical transportation infrastructure.
CISA highlighted multiple accomplishments in its look-back on 2023, including more than 1,700 notifications sent to organizations as part of its ransomware vulnerability warning program. Its vulnerability scanning effort covered nearly 7,000 critical infrastructure organizations.
The ransomware vulnerability warning pilot, which warns critical infrastructure operators of exposure to vulnerabilities that can be exploited by threat actors, started in late January 2023 and ultimately resulted in 782 notifications by the end of the year, according to CISA.