Interview As ransomware gangs intensify their attacks on healthcare, schools and other critical infrastructure in the US, CISA is expanding a program to help these organizations address flaws exploited by extortionists in the first place.

The US government's cybersecurity nerve center launched its Ransomware Vulnerability Warning Pilot system in January 2023, and in its first year the system sent out 1,754 notifications to vital devices using Internet-accessible vulnerable devices. The idea is that these organizations close the identified holes ASAP to avoid being held to ransom.

"We are proactively looking for these vulnerabilities and making notifications to critical infrastructure organizations to let them know that the vulnerabilities in question are being exploited by ransomware threat groups, and that they should address these vulnerabilities as soon as possible," Gabe Davis, CISA's Acting Director. head of the risk intelligence and operations section, told The Register in an interview that you can watch below.

According to the Homeland Security agency, nearly half (852, or 49 percent) of those notifications resulted in organizations either patching, taking systems briefly offline to fix the problem, or otherwise mitigating exploitable flaws.