Threat Response

Contain Ransomware Through Physical Path Severance

Ransomware relies on network reachability to spread, encrypt, and extort. When the paths it depends on are physically severed, lateral movement stops. Recovery assets remain beyond reach.

If ransomware can reach your backups, you do not have backups. If it can traverse between network segments, containment is theoretical. Physical disconnection makes containment absolute.

  • 73%: of ransomware attacks involve lateral movement across network segments
  • 21 days: average dwell time before ransomware detonation
  • Zero: recovery assets reachable from network-connected infrastructure
  • Minutes: from detection to complete path severance across all zones

The Threat

Ransomware exploits the connections organisations depend on.

Lateral Movement

Once inside the perimeter, ransomware traverses network segments through legitimate pathways, escalating privileges and encrypting systems faster than response teams can isolate them.

Backup Destruction

Modern ransomware specifically targets backup infrastructure. Network-connected recovery systems are encrypted alongside production data, eliminating the primary recovery mechanism.

Dwell Time Exploitation

Attackers spend weeks mapping the network before detonation, identifying backup schedules, disabling security tools, and positioning encryption payloads across every reachable system.

The Scenario

Scenario: Ransomware Detonation in a Multi-Site Enterprise

A logistics company detects ransomware encryption beginning on a file server at 02:14 on a Saturday morning. The malware has been resident for 18 days, during which it mapped network shares, identified backup schedules, and deployed encryption payloads to 340 systems across four sites. The attackers disabled volume shadow copies and encrypted the backup server before detonating the primary payload.

With Firevault Control, the Fracture module severs all inter-site connectivity within 90 seconds of the SOC alert. The Vault module holds air-gapped recovery copies that the ransomware never reached. By 06:00, the company is restoring from known-good copies while the encrypted segments remain physically isolated for forensic analysis.

"We had backups. We had immutable storage. We had network segmentation. The ransomware encrypted all of it because every system was reachable from every other system. Physical disconnection is the only thing that would have stopped it."

Containment Blueprint

Physical containment that ransomware cannot bypass.

Firevault Control provides the only ransomware containment that does not depend on the same network infrastructure the ransomware has compromised. Physical path severance stops lateral movement. Air-gapped recovery copies ensure restoration. Tamper-proof logging preserves the evidence chain.

  • Physical path severance that stops lateral movement in seconds
  • Air-gapped recovery copies beyond the reach of any network-based attack
  • Pre-positioned physical segmentation that limits blast radius
  • Multi-party authorisation for all recovery operations
  • Tamper-proof forensic evidence on disconnected storage
  • Automated compliance evidence for regulatory notification

Fracture, Emergency Network Severance

Module 1 of 4

Physically disconnects network segments within seconds of a ransomware alert. Lateral movement stops because the paths cease to exist. No firewall rule to bypass, no VLAN to hop. The connection is physically removed.

Featured In

TechRadar Pro, Security Buyer, Yahoo Finance, SecurityBrief, Channel Insider

Key Capabilities

Sub-Minute Severance

Physical path disconnection across all network zones completes within 90 seconds of an authorised command, stopping lateral movement faster than any software-based containment.

Unreachable Recovery Copies

Air-gapped backups stored in the Vault module are physically disconnected from all network infrastructure. Ransomware cannot encrypt what it cannot reach.

Pre-Positioned Segmentation

Network segments are physically separated during normal operations, limiting the blast radius before an incident occurs.

Multi-Party Authorisation

Emergency severance and recovery operations require multiple authorised parties, preventing a single compromised account from interfering with the response.

Tamper-Proof Forensics

All network path changes, access events, and recovery operations are logged to physically disconnected storage that cannot be altered by the attacker.

Regulatory Evidence

Automated compliance logging provides the evidence required for ICO notification, NIS2 incident reporting, and cyber insurance claims.

Demo to Live

Adoption Guide

Step 1

Lateral Movement Audit

Map every network path that ransomware could traverse between segments, identifying backup infrastructure reachability and inter-site connections.

Step 2

Containment Architecture

Design physical segmentation zones with Fracture points at every critical boundary and air-gapped Vault positions for recovery assets.

Step 3

Tabletop Exercise

Simulate a ransomware detonation scenario with physical path severance, testing response times, multi-party authorisation, and recovery from air-gapped copies.

Step 4

Production Deployment

Deploy across all network zones with automated alerting integration, continuous compliance evidence generation, and scheduled recovery copy rotation.

Commercial Advantage

Win Business, Earn Trust, and Build Reputation with Butterfly

Butterfly is an operational model that helps organisations structure sensitive data to close deals faster, strengthen client relationships, and demonstrate the governance maturity that wins enterprise contracts.

Built on the VPPP framework (Vault, Policy, Permissions, Purpose), Butterfly maps your sensitive data and assigns dedicated Vaults by role, relationship, and purpose, turning data stewardship into a competitive advantage.

Deal Readiness

Governed materials ready to share with confidence

Client Trust

Demonstrate stewardship that earns loyalty

Board Confidence

Clear governance that inspires stakeholders

Enterprise Scale

Structure data governance across your organisation

Butterfly deployment model

Who Uses Butterfly?

  • Sales Teams

    Secure client proposals, pricing, and commercial intelligence

  • Service Providers

    Exchange sensitive documents with clients through governed Vaults

  • Businesses

    Protect strategic plans, IP, and competitive intelligence

  • Family Offices

    Structure data governance across principals, staff, and advisors

Ready to take the next step?

See how Control can govern your data paths with physical enforcement no software exploit can bypass.

Firevault

Firevault is Offline Secure Storage. Hardware you own, physically disconnected by default, with KYC-verified access. Ransomware-proof by design, not by patch.

© 2026 Firevault Limited. Disconnect to Protect®