If its on the network it can get hit. A pc doesn't need to be attached to it at the time of infection. But it certainly helps.
I seen malware jump subnets to connect to systems not attached to the infected host. Its not all that common but it happens. In fact a earlyer this year I cleaned up a mess that jump from the DMZ to a internal network powered on a offline nas via walk up on lan and connected a system to it then encrypted all the files on the nas.
The malware that hits bigger companies can be rather smart and sometimes written with a few targets in mind.
And flash drives roting after a year? That a first for me. I have old flash drives from the early 00s with data still on them, no problem at all. Id be more worried about hardware failure then rot. Definitely better to go with cds, tap or hdds in the long run. But flash is quite useful for a quick temp backup.