
Combating Ransomware: CISA's RVWP and NCSC's Early Warning

Bola Ogbara

More and more organizations are signing up for CISA's RVWP and NCSC's Early Warning - programs that combat ransomware and strengthen global cybersecurity.


At the end of April 2024, the Cybersecurity and Infrastructure Security Agency’s (CISA’s) vulnerability warning program reached a big milestone - issuing over 2,000 alerts to organizations using software with vulnerabilities that are known to be exploited by ransomware groups. The Ransomware Vulnerability Warning Pilot (RVWP) started on January 30, 2023, fulfilling part of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which was signed into law in March 2022.


RVWP is just part of the agency’s Stop Ransomware program, offering a preventative measure in addition to other response tools. CISA uses open-source and internal tools to discover vulnerabilities that appear in critical infrastructure. A “key service” for this endeavor is their Cyber Hygiene Vulnerability Scanning - which checks devices connected to the internet for vulnerabilities in any exposed assets. According to CISA’s blog, this tool reduces the cyber risk and exposure of participating companies “by 40% within the first 12 months”, and “most see improvements in the first 90 days.” 


Through RVWP, CISA identifies companies with heightened cybersecurity risk, and notifies them through regional staff members. These staff members share important information about the vulnerability, like where it comes from and how it was detected, and offer help on how to mitigate it.


While organizations are not required to comply with CISA’s recommendations through RVWP, almost half of the notifications (49%) in calendar year 2023 led to some sort of change in the alerted companies - with 852 out of the 1,754 issued notifications resulting in the vulnerable devices being patched, covered by a compensating control, or simply cut off from internet access. Even more organizations (over 7,600) have signed up for the Cyber Hygiene Vulnerability Scanning program that CISA offers, which has identified over 3 million known vulnerabilities since its inception in 2022.


The RVWP is not the only free warning program that has been used by thousands of companies. Across the pond, the National Cyber Security Centre’s (NCSC’s) Early Warning notifies organizations of malicious activity that is occurring in their systems - this includes active cyber incidents, network abuse events, and vulnerable services. The service was released in May 2021, and is open to any UK organization with a static IP address or domain. According to the NCSC’s Active Cyber Defense report, a total of 7,819 organizations had signed up by the end of 2022. The program also has significant outreach: “Early Warning notified users of malware infection on 823,000 IP addresses (out of 23.8 million that were reported to [them])” in 2022. 


The work done by these programs is not just beneficial to their specific countries, but also contributes to global awareness of exploited vulnerabilities. The 2022 cybersecurity advisory on the most exploited vulnerabilities likely included information gathered from both CISA’s RVWP and the NCSC’s Early Warning. These warning projects are instrumental in the fight against ransomware and in strengthening cybersecurity on a global scale.