Cybersecurity · April 18, 2026 · GAN-007

Ransomware Attacks on Federal Contractors Triple in 2025

CISA's annual threat landscape report documents a 312 percent increase in ransomware incidents targeting federal contractors with total ransom demands exceeding $2.1 billion.

CISA's 2025 Federal Threat Landscape Report documents a 312 percent increase in ransomware incidents targeting federal contractors and government supply chain entities. Total ransom demands attributed to these incidents exceeded $2.1 billion.

The report identifies three primary attack vectors: unpatched VPN appliances at contractor facilities (41 percent of incidents), compromised software development environments (33 percent), and phishing campaigns targeting employees with access to federal systems (26 percent). The report attributes 58 percent of incidents to nation-state-affiliated groups.

Federal contractors handling Controlled Unclassified Information were disproportionately targeted, accounting for 67 percent of incidents despite representing only 22 percent of the federal contractor base.

CISA recommends that agencies require contractors to complete incident response training aligned to the agency's playbooks, maintain offline backup systems tested quarterly, and implement network segmentation verified by third-party assessors annually.

GovAcademy's Ransomware Defense for Public Institutions course (GA-027) and Cyber Incident Response for Agencies course (GA-005) address the specific defensive measures cited in the CISA report. Both courses have been updated with 2025 incident case studies.

The report's supply chain findings directly inform GovAcademy's Secure Software Supply Chain course (GA-025), which covers SBOM generation, vulnerability disclosure requirements, and CISA Known Exploited Vulnerabilities catalog integration.

Several major federal prime contractors have reached out to GovAcademy seeking enterprise training agreements covering their entire cybersecurity workforces, citing the report's contractor-specific recommendations as justification for the investment.