CISA releases new resources identifying known exploited vulnerabilities, misconfigurations linked to ransomware

Oct. 13, 2023
These two new resources will help organizations become more cybersecure by providing mitigations that protect against specific KEVs, misconfigurations, and weaknesses associated with ransomware.

October 13, 2023 -- Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns:

  • A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog that identifies KEVs associated with ransomware campaigns.
  • A “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table on StopRansomware.gov that identifies misconfigurations and weaknesses associated with ransomware campaigns. The table features a column that identifies the Cyber Performance Goal (CPG) action for each misconfiguration or weakness.

These two new resources will help organizations become more cybersecure by providing mitigations that protect against specific KEVs, misconfigurations, and weaknesses associated with ransomware.

CISA encourages all organizations to review the blog about this RVWP effort, as well as the new KEV catalog column and updated StopRansomware.gov site and implement applicable mitigations today.

This product is provided subject to this Notification and this Privacy & Use policy.