Privacy & Cybersecurity Law Blog

On February 6, 2026, the Federal Trade Commission announced that it had issued its second report to Congress regarding the FTC’s efforts to fight against ransomware and other cyber attacks. The report is mandated by the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (referred to as the RANSOMWARE Act). The report was unanimously approved by the FTC by a vote of 2-0.

The FTC issued its initial report in 2023, which provided an overview of the FTC’s activities concerning China, Russia, North Korea, and Iran and the FTC’s efforts to combat ransomware.  This latest report provides an update and highlights the FTC’s data security enforcement program, which requires companies to put in place reasonable measures to safeguard personal information. In terms of enforcement, the FTC has pursued more than 90 enforcement actions, including settlements with entities such as GoDaddy and Illuminate Education.

In addition to enforcement, the FTC has targeted perpetrators of tech support scams and has undertaken efforts to educate both consumers and businesses on best practices for data security. The educational initiatives include alerts and guidance regarding malware, cybersecurity, and tech support scams.