The Federal Communications Commission (FCC) is the latest federal agency to signal it is monitoring companies’ cybersecurity practices and their susceptibility to cyber-attacks. Specifically, in a January 29, 2026 Public Notice, the FCC issued warnings to small and mid-sized communications providers about the sharp rise in ransomware incidents that are disrupting operations, exposing sensitive information, and locking companies out of essential systems.  

The Big Picture

While the FCC’s recent Public Notice was targeted at the communications sector, the underlying message applies more broadly: cybersecurity is a priority for the current Administration. Other federal agencies have been ramping up enforcement related to companies’ cybersecurity practices. For example, in 2025 the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) entered into 21 settlements for alleged violations of the Health Insurance Portability and Accountability Act’s (HIPAA) cybersecurity requirements. This nearly matches HHS OCR’s busiest year on record, which occurred in 2022 and involved 22 settlements.

The Department of Justice (DOJ) and Department of Defense (DOD) have likewise been conducting substantial enforcement as part of their Civil Cyber-Fraud Initiative, which focuses on defense contractors’ cybersecurity obligations.  In 2025 alone, the DOJ entered into nearly 10 settlements with defense contractors for their allegedly non-compliant cybersecurity practices.

This enforcement activity is layered on top of added pressure from Congress, which is demanding answers from nationwide carriers and the Cybersecurity and Infrastructure Security Agency (CISA) regarding the Salt Typhoon cybersecurity breaches.

What is Ransomware?

Ransomware is malicious code designed to encrypt files on devices, rendering them and the systems that rely on them unusable. Threat actors can launch ransomware attacks by: (1) engaging in social engineering; (2) hiding malware in downloads of software; (3) creating fake or compromised websites that prompt the user to download ransomware; (4) exploiting vulnerabilities in remote access or management software; and (5) using stolen credentials. After gaining initial access, threat actors typically establish persistent access, conduct network reconnaissance, and move laterally through the network to plant ransomware (and encrypt files) or exfiltrate sensitive company files. Threat actors will then typically demand a ransom payment in exchange for decrypting targeted files or for preventing the release of stolen data.

Best Practices

Aside from complying with the regulations, organizations should ensure that they are dedicating an adequate budget to cybersecurity given the significant disruption that cybersecurity attacks, including ransomware, can cause. Specifically, investments in proactive cybersecurity measures, such as employee training and network monitoring, along with sufficient insurance coverage, are essential to strengthening your cybersecurity posture and protecting your network and systems from the growing number of threats.

Although the FCC’s Public Notice was directed at communications providers, its recommended best practices align with widely endorsed federal guidance from CISA, the Federal Trade Commission (FTC), and the National Institute of Standards and Technology (NIST) and are applicable across industries.  Key measures include:

  1. developing cybersecurity incident response and risk management plans;
  2. regularly updating and patching software;
  3. enabling multi-factor authentication (MFA);
  4. regularly backing up data;
  5. training employees in cybersecurity awareness and security principles;
  6. segmenting the network appropriately while implementing a “zero trust” architecture;
  7. deploying detection and protection processes and regularly scanning for vulnerabilities, including implementing endpoint detection and response (EDR) and managed detection and response (MDR) solutions; and
  8. evaluating risks posed by third parties, including vendors and managed service providers.

Womble Bond Dickinson’s Communications, Technology, and Media and Privacy and Cybersecurity teams help companies comply with regulatory obligations and decrease their cybersecurity risks related to government investigations.  If you have any questions regarding the federal cybersecurity guidance or your own cybersecurity posture, please contact one of the authors.