Abstract
This work studies how corporate network architecture and internal security policies influence the dynamics of ransomware spread, and in particular assesses the effectiveness of network segmentation and the Zero Trust concept as mechanisms for limiting lateral movement. To this end, a theoretical analysis of modern attacks was conducted and a simulation model of malware spread in a corporate network was developed. The network was formalized as a graph, and the spread process was described using the SIR model. The model was implemented in Python using the networkx library, which made it possible to conduct a series of experiments for different scenarios: a flat network, a segmented network, and a network with Zero Trust principles. The modeling results showed that in flat networks ransomware attacks are characterized by high speed and scale even with a single penetration. Segmentation significantly reduces the infection rate and localizes the attack within segments, while Zero Trust additionally limits the spread through access control and node isolation. The results confirm the decisive role of lateral movement and the feasibility of using architectural mechanisms for managing internal trust. The practical value lies in the possibility of using the model to analyze the effectiveness of architectural solutions in the field of cybersecurity and in the educational process of training information security specialists.

Keywords: ransomware; corporate network; lateral movement; network segmentation; Zero Trust; propagation modeling; SIR model; cybersecurity; attack; malware; network node.
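The kind of experiment the abstract describes can be sketched as follows. This is an added example, not the authors' model: it uses plain adjacency sets from the standard library in place of networkx, and the topology (fully meshed segments joined by gateway links), the `beta`/`gamma` values, the `allow` policy fraction and all function names are assumptions.

```python
import random
from collections import Counter
from itertools import combinations

def build(n, segments=1, gateways=0, allow=1.0, seed=0):
    """Hosts in a segment are fully meshed; consecutive segments share
    `gateways` links; a Zero Trust policy authorises a fraction `allow` of links."""
    rng, size = random.Random(seed), n // segments
    seg = lambda h: min(h // size, segments - 1)
    links = [(a, b) for a, b in combinations(range(n), 2) if seg(a) == seg(b)]
    links += [(s * size + g, (s + 1) * size + g)
              for s in range(segments - 1) for g in range(gateways)]
    adj = {h: set() for h in range(n)}
    for a, b in links:
        if rng.random() < allow:          # policy check per link (assumed model)
            adj[a].add(b)
            adj[b].add(a)
    return adj

def sir(adj, beta, gamma, patient_zero=0, steps=200, seed=1):
    """Discrete-time SIR; returns the (S, I, R) counts at each step."""
    rng, state = random.Random(seed), {h: "S" for h in adj}
    state[patient_zero] = "I"
    history = []
    for _ in range(steps):
        c = Counter(state.values())
        history.append((c["S"], c["I"], c["R"]))
        infected = [h for h in adj if state[h] == "I"]
        if not infected:
            break
        newly = {v for h in infected for v in sorted(adj[h])
                 if state[v] == "S" and rng.random() < beta}
        for h in infected:                # removal = isolation or restoration
            if rng.random() < gamma:
                state[h] = "R"
        for v in newly:
            state[v] = "I"
    return history

def attack_size(history):
    """Hosts ever infected (I + R at the last recorded step)."""
    return history[-1][1] + history[-1][2]

def compare(n=60, runs=50):
    """Mean attack size per scenario; beta/gamma values are assumptions."""
    scenarios = {"flat": (build(n), 0.05, 0.10),
                 "segmented": (build(n, segments=6, gateways=1), 0.05, 0.10),
                 "zero_trust": (build(n, segments=6, gateways=1, allow=0.5), 0.05, 0.30)}
    return {name: sum(attack_size(sir(adj, b, g, seed=s)) for s in range(runs)) / runs
            for name, (adj, b, g) in scenarios.items()}

if __name__ == "__main__":
    print(compare())
```

In the Zero Trust scenario the higher `gamma` stands in for faster isolation of infected nodes, and `allow` for per-link access control; both are modelling choices made for this sketch.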