The US Cybersecurity and Infrastructure Security Agency (CISA) and the Joint Cyber Defense Collaborative (JCDC) have unveiled a new effort to aid organizations in quickly fixing vulnerabilities targeted by ransomware actors.
The Pre-Ransomware Notification Initiative provides businesses with early warnings, enabling them to potentially evict threat actors before they can encrypt data and systems for ransom.
“Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the energy, healthcare and public health, water and wastewater systems sectors, as well as the education community,” CISA wrote in an alert published on Thursday.
On the same day, JCDC associate director, Clayton Romans, wrote a separate blog post about the new initiative, highlighting its benefits for critical organizations.
“We know that ransomware actors often take some time after gaining initial access to a target before encrypting or stealing information, a window of time that often lasts from hours to days,” Romans explained. “This window gives us time to warn organizations that ransomware actors have gained initial access to their networks.”
Romans added that early warning notifications can significantly reduce the potential loss of data, as well as the impact on operations, financial ramifications and other negative consequences of ransomware attacks.
Commenting on the new initiative, Avishai Avivi, CISO of cybersecurity firm SafeBreach, said it is a meaningful signal that the Biden Administration is pushing towards implementing the National Cybersecurity Strategy published earlier this month.
Read more on the US strategy here: White House Launches National Cybersecurity Strategy
“This program addresses the strategic objectives listed under pillar two of the national strategy [to help] ‘increase the speed and scale of intelligence sharing and victim notification’ and […] to ‘counter cybercrime, defeat ransomware,’” Avivi explained.
“For the first initiative, CISA provides the victim organizations with early warning and assistance to prevent or recover from ransomware attacks. By doing this, CISA is also addressing the second initiative that removes the malicious actors’ reward structure and disrupts their ability to extort the victim organizations.”
Avivi added that SafeBreach believes this type of collaboration will enable organizations to validate their security controls while also enhancing the resilience of their security program to these types of attacks.