CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware

Release Date

Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns:

  • A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog that identifies KEVs associated with ransomware campaigns.
  • A “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table on that identifies misconfigurations and weaknesses associated with ransomware campaigns. The table features a column that identifies the Cyber Performance Goal (CPG) action for each misconfiguration or weakness.

These two new resources will help organizations become more cybersecure by providing mitigations that protect against specific KEVs, misconfigurations, and weaknesses associated with ransomware.

CISA encourages all organizations to review the blog about this RVWP effort, as well as the new KEV catalog column and updated site and implement applicable mitigations today.

This product is provided subject to this Notification and this Privacy & Use policy.