Security News > 2023 > October > CISA shares vulnerabilities, misconfigs used by ransomware gangs
The U.S. Cybersecurity and Infrastructure Security Agency has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks.
Since its inception, CISA's RVWP has identified and shared details of over 800 vulnerable systems with internet-accessible vulnerabilities frequently targeted by various ransomware operations.
"Ransomware has disrupted critical services, businesses, and communities worldwide and many of these incidents are perpetrated by ransomware actors using known common vulnerabilities and exposures," the U.S. cybersecurity agency said.
"Now, all organizations have access to this information in our known exploited vulnerabilities catalog as we added a column titled, 'known to be used in ransomware campaigns.' Furthermore, CISA has developed a second new RVWP resource that serves as a companion list of misconfigurations and weaknesses known to be used in ransomware campaigns."
In June 2021, the agency introduced the Ransomware Readiness Assessment, a new component of its Cyber Security Evaluation Tool designed to help organizations evaluate their preparedness to thwart and recover from ransomware attacks.
Furthering its commitment, CISA established an alliance with the private sector to safeguard critical U.S. infrastructure from ransomware and other cyber threats.