Close this search box.

The 30 countries pledging to fight ransomware in US-led global coalition


Representatives from 30 countries last week pledged to “fight” the dangers posed by the global ransomware threat.

Officials from the U.S., the European Union, and 28 other countries also pledged to “harden the financial system” from exploitation by the global ransomware ecosystem. The coalition declared ransomware an “escalating global security threat with serious economic and security consequences”.

The White House released a statement on its website describing the aims of the collective action. The collective group described the threat coming from:

“…operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public. Ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity”

White House Statement

The collective statement was issued by ministers and representatives of Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the U.A.E, the U.K., and the U.S.

The move comes as Australia released its own approach to fighting ransomware through a new wave of government activity.

Countries unsurprisingly absent from the list were China and Russia. The West accuses these nations of actively supporting cyber threat actors and clandestine elements.

What ransomware fight is likely to entail

Key initiatives the coalition will focus on will include work to improve the collective baseline when it comes to ransomware protection at a social level.

Efforts will be directed to enhance network resilience by adopting cyber hygiene good practices in the small business sector and the broader public. Examples of this include using strong passwords, securing accounts with multi-factor authentication, maintaining periodic offline data backups, and more.

Fighting back against the financial dimension of ransomware threats

At a financial level, the initiative is marked by its focus on thwarting threat actors’ tactics when it comes to funds and money laundering.

The initiative aims to improve mechanisms to counter the abuse of financial infrastructure to launder ransom payments.

Illicit payments topped nearly $500 million globally in the last two years alone: $400 million in 2020 and $81 million in the first quarter of 2021.

Many of these payments are made possible by clandestine payment mechanisms. These almost always fall foul of anti-money laundering regulations. The networks that facilitate these payments are seldom held accountable. This will be another focus of the collective group of nations.

Cryptocurrency exchanges and operators in special focus

The action comes as international activity ramps up in this space more generally. In late September 2021, the U.S. Treasury Department imposed sanctions on Russian cryptocurrency exchange Suex for helping threat actors launder transactions.

This was the first instance of such an action against a virtual currency exchange.

The U.S. government said at the time that “Treasury will continue to disrupt and hold accountable ransomware actors and their money laundering networks to reduce the incentive for cybercriminals to continue to conduct these attacks”.

The development also comes following an independent report published by the department’s Financial Crimes Enforcement Network (FinCEN). The report tied roughly $5.2 billion worth of Bitcoin transactions to 10 commonly reported ransomware variants.

This was in addition to identifying 177 unique wallet addresses used for ransomware-related payments. In the first half of 2021, ransomware financial activity extracted at least $590 million for threat actors.

The average total monthly suspicious amount of ransomware transactions has risen to $66.4 million as a result. The most commonly reported variants are REvil (aka Sodinokibi), Conti, DarkSide, Avaddon, and Phobos.

It remains to be seen how this newly announced group of nations fares, but ransomware groups will no doubt be wary, with many having already been nervous over the last few months.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →