How Ransomware Turns One PC Into a Company-Wide Crisis
Ransomware rarely announces itself the moment it lands on a machine. It usually starts as one infected laptop, one careless click on an attachment that looked entirely legitimate, one machine quietly behaving oddly while everyone else in the office carries on as normal, oblivious to what’s already begun. Within hours, sometimes less, that single infection can spread across an entire company network, encrypting files on servers that machine was never obviously connected to in anyone’s mental map of how the business actually operates.
From One Machine to Every Machine
The speed of that spread comes down almost entirely to how your internal network is actually structured underneath the surface. If every device can freely talk to every other device and every shared drive without restriction, ransomware has an open road to travel down once it gets a foothold anywhere at all in the building. Flat, unsegmented networks turn a single infected laptop into a company-wide crisis within hours, because there’s nothing internally stopping the malware moving sideways from wherever it happened to start. Older networks built gradually over many years without any real segmentation plan are especially vulnerable, since new devices simply get added to whatever already exists.
This is exactly the scenario internal network pen testing is built to expose, showing precisely how far an infection starting from one ordinary device could realistically travel before anyone in the business even noticed something was wrong.

Segmentation Is the Difference Between Inconvenience and Catastrophe
Businesses with properly segmented networks experience ransomware very differently to those without. An infection on one machine or one department gets contained largely to that area, buying critical time to isolate it, alert the right people and begin recovery before it reaches finance, customer records or backup systems elsewhere in the business. Without that segmentation, there’s no meaningful internal barrier at all, just one continuous space for malware to spread through unchecked, department by department, until the whole company grinds to a halt. Recovery time multiplies considerably once ransomware reaches shared infrastructure, since restoring a dozen isolated machines is a very different task to rebuilding an entire company from scratch.
William Fieldhouse has watched this exact difference play out in real incidents, not just simulated tests conducted in controlled conditions.
“We tested a client’s network and reached their backup server from a standard staff laptop within twenty minutes, which meant a real ransomware infection could have destroyed their recovery option at the exact same time it encrypted everything else across the business.”
— William Fieldhouse, Director of Aardwolf Security Ltd
That detail, the backup system being reachable from an ordinary desk, is what should genuinely worry business owners more than almost anything else. Backups are supposed to be the safety net when everything else fails catastrophically. If ransomware can reach them just as easily as it reaches everything else, the safety net simply isn’t there when it’s needed most, and that failure is entirely preventable with proper network design put in place well ahead of time. Insurance policies increasingly expect evidence of proper segmentation too, making this as much a commercial consideration as a purely technical one.
Contain the Spread Before It Starts
Understanding your genuine exposure to lateral spread starts with commissioning vulnerability scan services alongside a proper look at how your internal network is actually segmented today, right now, not how you assume it’s set up.
