FTC Updates Congress on Its Expanding Role in Combating Ransomware & Cyberattacks
Key Takeaways
- Congressional Reporting Mandate: The FTC’s second ransomware report fulfills its obligation to brief Congress on cyberattack and ransomware-related activities.
- Enforcement Track Record: The agency reports more than 90 data security enforcement actions with favorable outcomes, including settlements with major companies.
- Focus on Reasonable Security: Enforcement efforts center on whether organizations are taking reasonable steps to protect personal data.
- Cyber-Enabled Scams Targeted: The FTC continues to pursue actors behind tech support scams linked to broader cyber risks.
- Education as Prevention: Consumer and business alerts remain a key part of the FTC’s strategy to reduce ransomware and malware exposure.
Deep Dive
The Federal Trade Commission has delivered its second report to Congress outlining how the agency is using its enforcement, oversight, and education authorities to counter ransomware and other cyberattacks, according to a release issued February 6.
The report was submitted under the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act, which requires the FTC to periodically brief Congress on its efforts to address cyber-enabled threats. It follows the Commission’s first report in 2023, which detailed activities related to cyber threats linked to China, Russia, North Korea, and Iran, as well as the FTC’s broader work targeting ransomware and related attacks.
In its 2025 update, the FTC points to a growing body of enforcement activity centered on data security. The report highlights the agency’s data security enforcement program, which focuses on whether companies are taking reasonable steps to safeguard the personal data they collect and store. To date, the FTC reports bringing more than 90 enforcement actions with favorable outcomes, including settlements involving companies such as GoDaddy and Illuminate Education.
Beyond enforcement, the report emphasizes the FTC’s role in pursuing cyber-enabled fraud, particularly tech support scams that are often used as an entry point for malware deployment or data theft. The agency also underscores its ongoing consumer and business education efforts, which include issuing timely alerts and practical guidance on ransomware, malware, cybersecurity hygiene, and how to recognize and avoid tech support scams.
The report positions the FTC not only as a consumer protection regulator, but as an increasingly active player in the broader U.S. response to ransomware and cybercrime, using a combination of enforcement actions, public guidance, and intergovernmental reporting to address evolving digital threats.

