FTC Issues Second Report to Congress on its Work to Fight Ransomware and other Cyberattacks

The Federal Trade Commission issued a second report to Congress detailing the agency’s efforts to fight against ransomware and other cyberattacks.

The report is mandated by the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (RANSOMWARE Act), which requires the Commission to submit reports to Congress on its work to combat cyberattacks. In its initial report from 2023, the agency provided an overview of the FTC’s activities concerning China, Russia, North Korea, and Iran and the FTC’s efforts to combat ransomware—a type of cyber-related attack in which bad actors hold data or computer access hostage until they receive payment—and other types of cyberattacks.

The 2025 Ransomware Report provides an update on those activities and highlights the FTC’s continued contribution to the fight against ransomware and other cyberattacks. The report discusses the FTC’s data security enforcement program aimed at ensuring companies take reasonable steps to protect the personal data they hold noting that the FTC has brought more than 90 enforcement actions with favorable outcomes to date, including settlements with GoDaddy and Illuminate Education.

The agency has also pursued bad actors involved in tech support scams and worked to educate the public and businesses on how to secure and protect data from cyberattacks. Specifically, the FTC’s consumer and business education efforts include up-to-date alerts and advice about malware, cybersecurity, and tech support scams.

The Commission votes to approve the 2025 report was 2-0.