Preface: Perhaps we think that ransomware only looked at hard drive C. But the truth is that other mapped drives like D:, E:, F will be compromised.
Headline News: PARIS (Reuters) – French insurer Axa said on Sunday that one of its businesses in Asia was hit by a ransomware attack, adding that it was investigating after some data processed in Thailand was accessed, said Reuters News (May 16, 2021).
Possible attack scenario: A possibility may occur when setup ssl VPN. Perhaps we can overlook the routing option. For instance SSL VPN route the target subnet. For the rest, it will allow go to internet.
For example: If Phishing Email encountered by remote SSL VPN client. When they click the link, if the option (refer to attached diagram), not enable. It will allow ramsomware to do his dirty works.