The Problem of Ransomware
Ransomware attacks can prevent an organization from delivering its primary service
Organizations are vulnerable to more targeted ransomware attacks on IT and OT environments
Successful attacks can damage an organization's reputation, operations and revenue
76% of organizations experienced a ransomware attack in the last two years
70% of ransomware incidents create more than several days of business disruption
79% of incident response engagements are ransomware related
How does ransomware propagate?
Ransomware attacks follow a very predictable method of spreading across hybrid IT once they have successfully entered an organization. Two of the key tactics employed in this process are “Network and Domain Discovery” and “Lateral Movement”:
MITRE ATT&CK® Tactics Essential to Ransomware
Network Discovery helps the attacker build a better understanding of the target environment – what exists, how are they interconnected, what is accessible.
Stop this and the attacker has less useful information about the victim’s network – the net effect is that they are either limited in the progress they can make or are forced to change their tactics to gather the same information, increasing the chances of detection.
Lateral Movement enables the attacker to move to the next target or intermediary victim.
Stop this and the attack cannot progress any further, significantly reducing the number of compromised resources.
Limiting or preventing Network Discovery and Lateral Movement severely hampers the progress of the attack. However doing this successfully has been a challenge for organizations due to:
- Poor visibility
A lack of visibility makes it difficult to identify potential weak points in the system, and monitor the movements of the attacker - Too many open ports
Commonly used ports left open create pathways for ransomware to quickly spread and take over the organization - A lack of proactive security defenses
Relying solely on detection-based solutions has shown to be too slow in stopping an attack
Zero Trust Segmentation directly addresses these challenges
Contains ransomware attacks
Maintains the resiliency of the business
Makes organizations less vulnerable to targeted attacks
Protects a company’s operations, revenue and reputation
How Zero Trust Segmentation mitigates ransomware
For organizations focused on improving their cyber resilience, Illumio identifies where they are most exposed and, through Zero Trust Segmentation, drastically reduces both their exposed attack surface and the ability of an attacker to spread.
How does Illumio help?
Protect high-value assets
Isolate ransomware at its point of entry - without complex detection methods or making changes to the network – proactively or reactively.
Identify risks to the organization
Understand your highest security risks and see all dependencies. Enforce informed security policies.
Build long-term protection
Enhance defense-in-depth with Zero Trust Segmentation. Easily identify and protect high-value assets.
Related Resources
Anatomy of a Failed Ransomware Attack
See the step-by-step timeline of how a global law firm stopped a ransomware attack in a matter of hours using Illumio.
Stop Ransomware and Isolate Breaches With Zero Trust Segmentation
See your risks and enforce Zero Trust security controls to increase cyber resilience across hybrid clouds, data centers and endpoints.
