The diagram also shows how network segmentation can limit the damage from a ransomware attack. If someone in the engineering group opens a phishing email message that launches a ransomware attack, the damage should be contained to the engineering network and possibly the engineering servers. Furthermore, if the firewall is properly configured to block potentially malicious traffic, such as attempted connections over TCP port 135 (RPC, the port used by WMI and PSEexec) or TCP port 3389 (RDP), the ransomware might not even be able to spread to the servers. Segmentation certainly doesn’t stop a ransomware attack, but anything that can minimize the impact of an attack and help speed up the recovery process provides a lot of value.