The Federal Trade Commission published its second mandated report to Congress detailing enforcement actions, consumer remediation activities, and policy recommendations to combat ransomware and related cyberattacks. The report emphasizes consumer education, cross‑agency coordination, improved reporting, and tools to disrupt cybercriminal infrastructure and recover funds.

The Federal Trade Commission issued its second statutorily required report to Congress on the agency’s work addressing ransomware and associated cyberattacks, outlining enforcement measures, consumer remediation efforts, and recommendations to strengthen defenses. The report catalogs recent FTC enforcement actions that targeted actors involved in facilitating ransomware payments and described consumer refund and remediation channels the agency has supported. It highlights the importance of timely breach and extortion reporting, information sharing across federal, state, and international partners, and enhanced public education to reduce victimization. The FTC recommends legal and operational changes to improve the disruption of cybercrime infrastructure and to increase authorities available to recover victim funds, including better coordination with financial institutions and payment networks. The document also discusses the role of consumer protection tools—such as deception and unfair practice enforcement—in addressing ransomware facilitators and third-party services that enable payments. Overall, the report positions the FTC as a complementary agency in the broader national effort to deter ransomware through prevention, enforcement, and victim assistance.