International. Guardicore ensures that microsegmentation can break a chain of ransomware attacks, as it contains it in its earliest stages thus preventing it from doing damage.
Oswaldo Palacios, senior account executive for Guardicore, said that knowing the entire chain of ransomware attack, as well as the evidence that precedes the aggression drastically increases the ability to limit the impact of these types of threats and, in some cases, limits the probability of them happening.
The executive mentioned that this type of assaults are the product of human curiosity, when entering links and opening emails with titles such as "here you have your DHL shipment", "your partner is unfaithful ... here you have the proofs", "your Amazon account is compromised", and so on. Therefore, it is important to know the modus operandi of cybercriminals and take into account all possible weak points, from the network to the cloud.
In short, the current context is that cybercriminals and 'state hackers' have become sophisticated enough to use ransomware and enter large companies, federal administrations, global infrastructures or public health organizations and paralyze them.
In fact, some relevant data is that by 2011, there was a ransomware attack every eleven seconds in the world, with a global cost of 20. $000 million. Today, the average cost of rescuing information from a ransomware attack amounts to $84,000 and, according to data from the IBM Security X-Force Threat Intelligence Index 2022 report, ransomware persisted as the top attack method observed in 2021, where Latin America accounted for 29% of attacks.
Most delicately, according to the same report, the groups responsible showed no signs of stopping, despite the uptick in defenses against their attacks. Other data from this document point out that REvil was the most common type of ransomware and the average life of a band, before closing or changing its brand, is 17 months.
Phases of a ransomware attack

According to Oswaldo Palacios, a chain of attack is usually divided into four phases. First the 'initial infection', when the hacker breaches the perimeter, here the malicious entities must get an initial foothold. Normally, this is not a lucrative target or a manager.
As a second is the 'lateral movement', in this phase the attacker seeks to obtain the necessary privileges for encryption, while advancing towards valuable systems and assets.
Thirdly we find 'encryption', which is when ransomware enters a target computer, this is the point where if the organization victim of the attack had a proper segmentation policy it could minimize the damage.
Finally there is the 'propagation' phase. The attack reaches the backups, valuable files and workloads necessary for business activity, which leads to "a catastrophe".
To explain this better, Oswaldo Palacios referred to an exemplary case, the cyberattack on Colonial Pipeline, one of the most important oil pipeline companies in the United States, which paid almost five million dollars to the DarkSide ransomware group, in an attack that caused the fuel supply to be cut off in much of his country.
In this case "the cybercriminals managed to access the network through a virtual private network account, which allowed employees to remotely enter the company's network. That way they had access to the perimeter, then moved towards the escalation of privileges with the aim of accessing the most valuable and confidential data, to finally encrypt them. They were definitely very aggressive, for this reason the attack was very successful."
Microsegmentation as a response
So, for the Guardicore executive, micro-segmentation interrupts the ransomware attack chain in the earliest phases, before the damage occurs.
According to the consulting firm Forrester, micro-segmentation involves splitting a network to a granular level so that security teams have the flexibility to apply the right level of protection to each workload, based on the sensitivity and value of the business.

In such a way, the microsegmentation approach begins with visualization. One of the big hurdles many organizations face is the lack of a clear view of activity across all on-premises and cloud environments. "Microsegmentation collects and displays granular information about users, systems and communication flows, using artificial intelligence and integrations with existing data sources to add context," explained Oswaldo Palacios.
The executive added that with a few clicks from the interactive map, or by selecting from a library of policy recommendations, it is possible to implement highly granular policies, down to the level of processes and individual users if necessary. "Finally, we can start applying the policy that will disrupt the chain of attacks, there is the possibility of creating custom policies that adapt to the unique needs of a company," he said.
In closing, Palacios reiterated that the combination of full visibility and context-driven policy creation is what makes a micro-segmentation solution bring incredible value to businesses and offer more opportunities to disrupt the chain of ransomware attacks at the earliest stages.

