Poor cybersecurity leaves consumers exposed to ransomware, FTC warns
Consumers in the United States remain at risk from ransomware attacks, online scams, data breaches, and cross-border cyberthreats. The public should be vigilant of unsolicited contacts and take better care to secure their online accounts.
That’s one of the conclusions of the Federal Trade Commission’s (FTC) updated Ransomware Report.
The report is mandated by the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act, better known as the RANSOMWARE Act. It highlights the FTC’s efforts in the fight against cybercrime and cyberattacks from July 1st, 2023, to June 30th, 2025.
During that time, the FTC participated in over 90 data security enforcement actions, including cases against firms such as GoDaddy, Verkada, Blackbaud, and Global Tel*Link.
In each case, companies promised strong security but failed to deliver, thus misleading consumers and increasing the risk of identity theft and fraud, the FTC says. For example, GoDaddy failed to secure shared hosting environments, leading to multiple breaches between 2019 and 2022.
In other cases, poor password controls and encryption, cloud misconfiguration, a lack of timely installed software updates, insufficient network monitoring, or other security measures enabled hackers to exfiltrate personal or corporate information.
Furthermore, the report mentions the continued rise of tech support scams, where criminals pose as computer repair experts or well-known technology companies. Victims are often contacted through pop-up warnings, phone calls, or online ads claiming their computer is infected.
Once scammers gain access, they can cause serious damage, such as installing malware to maintain persistent access, stealing personal information, or making unauthorized charges for expensive online services. The FTC continues to warn the public and educate them about online scams.
The agency raises concerns, noting that some cyberattacks are linked to threat actors based abroad. Countries like China, Iran, North Korea, and Russia are infamous for using ransomware as part of broader geopolitical cyber activities.
The FTC does not bring criminal cases, but shares intelligence with law enforcement authorities and cooperates with foreign regulators to combat cyberthreats.
The FTC urges businesses to encrypt sensitive data, train employees to spot phishing attempts, and respond quickly to breaches. Consumers are advised to ignore unsolicited tech support calls, use strong passwords, and take breach warnings seriously.
Unlock more exclusive Cybernews content on YouTube.
