Network segmentation to prevent ransomware is one of the most effective things you can do — and the UCSF attack shows exactly why it works.
UCSF got hit with ransomware. Attackers got in through compromised credentials — no phishing, no door-kicking, just stolen VPN access. But here's what saved them: their network was segmented. The infection spread to one part of their environment and stopped there. Their healthcare operations, their labs, their core IT — all kept separate. That's not luck. That's architecture.
In this episode, Dr. Mike Saylor — co-author with me on Learning Ransomware Response and Recovery — joins me and Prasanna to break down network segmentation to prevent ransomware in plain language. We talk about what it actually is, how VLANs work, the "need to talk" principle, microsegmentation, and how to start doing this without accidentally taking out your mainframe.
(I have a story about that last one. It involves a server named Snazzy and a credit card company. You'll want to hear it.)
We also get into something a lot of people miss: complexity is its own risk. You can configure segmentation till the cows come home and end up with a system nobody can troubleshoot when things go sideways. More layers don't mean more protection. We talk about where to draw that line.
If you're trying to make the case to leadership for better network architecture, or you just want to know what would actually stop ransomware from ripping through your environment — this is the episode.
🎙️ Hosted by W. Curtis Preston (Mr. Backup) | Co-host: Prasanna Malaiyandi | Guest: Dr. Mike Saylor
📖 Get the book: Learning Ransomware Response and Recovery — https://www.oreilly.com/library/view/learning-ransomware-response/9781098169572/
🛡️ See what Mike and I are building: https://www.stopransomware.com
⏱️ CHAPTERS
00:00:00 — Intro
00:01:40 — Welcome & Guest Introductions
00:05:17 — Case Study: UCSF Ransomware Attack
00:08:13 — What Is Network Segmentation?
00:12:32 — VLANs Explained
00:19:50 — The Need to Talk Principle
00:30:54 — Complexity vs. Security
00:31:09 — Microsegmentation
00:38:55 — Action Items: Where to Start
00:42:05 — Monitoring VLAN Traffic



