techno-n.com
Every ransomware negotiation has the same brutal turning point: the moment the victim realises their backups are encrypted too, right alongside everything else. Up until then, there was always a way out that did not involve paying criminals a single penny. After that moment, the options narrow considerably, and usually very quickly indeed. Whoever is in the room at that point tends to remember the feeling for a long time afterwards.
Ransomware Rarely Arrives Where It Detonates
Most ransomware infections begin somewhere unremarkable: a phishing email opened by someone in accounts, an unpatched VPN appliance facing the internet, a remote desktop port left open for convenience more than anything else. From that single entry point, the attacker’s real work begins, moving quietly through the network, escalating privileges, and mapping out exactly where the valuable data and backups live before ever triggering the encryption that announces their presence to everyone. That reconnaissance phase can quietly last days or weeks before anything visibly goes wrong.
Regular vulnerability scan services close off the most common entry points before they can be exploited at all, catching the unpatched software and exposed services that ransomware groups actively scan the internet for around the clock, every single day. Patching is unglamorous work, but it remains the single most effective barrier against the initial infection ever taking hold in your systems.
Segmentation Decides Whether It Spreads or Stops
Even a successful initial infection does not have to become a company-wide catastrophe, provided the network is segmented well enough to contain it properly. Internal testing simulates exactly this scenario, an attacker who has already gained a foothold somewhere, and measures how far they could realistically travel before hitting a genuine barrier rather than open, uninterrupted access across every segment of the network. That measurement is often the single most sobering figure in the entire report.
William Fieldhouse has seen the difference proper segmentation makes play out in real incidents, not just in theory or on a whiteboard.
“In one engagement, we simulated a ransomware attacker starting from a single compromised laptop and reached the backup server within twenty minutes, because the backups sat on the same flat network as everything else with no separation at all in place. Encrypt that one server and there genuinely is no way back for the business.”
– William Fieldhouse, Director of Aardwolf Security Ltd
Twenty minutes from a single laptop to the one system meant to save the business in a crisis is not a rare or unusual finding, it is closer to the default state of most unsegmented networks we encounter. Backups need to sit apart, offline where realistically possible, and genuinely isolated from the systems an attacker would compromise first on their way through the environment. An offline copy an attacker cannot reach is worth more than any amount of ransom negotiation later.
Layer the Defences, Do Not Rely on One
Stopping ransomware is rarely about one perfect control; it is about patching the entry points, segmenting the network so a foothold cannot become company-wide, and keeping backups genuinely isolated from everything else nearby. Combine regular scanning with proper internal network pen testing to find out exactly how far an attacker could get today, before ransomware answers that question for you instead of a friendly tester. Ask for that answer while there is still time to act on it calmly.
