How do MFA and Service Account Protection Prevent it?

What is Ransomware Lateral Movement?

Since lateral movement is carried out by logging in with compromised user credentials, enforcing MFA on these access attempts can thwart them altogether. If the attackers are utilizing a compromised service account, monitoring this account’s activity and blocking its access whenever it deviates from its standard activity would have the same effect.

The initial delivery of ransomware to a user’s machine enables its execution on this machine alone. "Lateral movement" refers to the stage after the initial delivery, in which the attackers use compromised credentials to access as many machines as possible and maximize the attack’s payoff by encrypting all of them at once. MFA and service account protection are instrumental in preventing this lateral movement

Insurance carriers are requiring the additional security measures of MFA, and service account protection in order to increase resistance to ransomware attacks — specifically the stage called lateral movement

The Point of the New Requirements: Prevent Ransomware Attacks