... in detecting a ransomware attack early is shown in the diagram below. As you can see, the organization has several Remote Desktop Protocol (RDP) servers connected to the network, and are isolated on their
own network segment. There are some legitimate workstations on that same segment, but there are also two honeypot servers. One of the servers is set up to look like a file server, the second a backup server. Both of these will likely be very attractive to a ransomware actor.