Cryptolocker: how does it spread on a network?

Simply, I know the Cryptolocker virus can spread on a whole network, but how does it do this?
And can it spread beyond the firewall via, say, an open VPN connection, or if some ports are open between two firewalls?

The lateral movement of Cryptolocker is most often via whatever shares the infected host has permission to. So if the victim’s host computer has read/write access to many shares, they often will all be encrypted.

OK, so it needs some sort of shared file system to move?

Many of them do, but there are always variants that have other methods and new attacks are being developed every day. Also, many of these still begin with emails and do send out more emails to get more victims.

OK, if you have some open ports to a client computer for some remote maintenance, could that be a security risk in this scenario?

Yes, if there is a connection then there is a possibility.

If you're talking about 3389 open for RDP purposes, then yes.

God help you if a domain admin account is compromised. It will hit all your administrative shares instantly and all systems will be encrypted. Other than excellent behavior-based endpoint security software that will detect a mass encryption event, an excellent backup is your best defense IMO.
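The "mass encryption event" detection mentioned in the reply above, sketched as an added example (not part of the original thread, and not any vendor's actual logic). It flags an account that modifies many distinct files across several shares inside one short window; the event format, sample data and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_sample_events():
    """Constructed sample file-share events (not real logs):
    (time, account, UNC share, file name, operation)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # Normal user: a handful of saves over several minutes on one share.
    for i in range(5):
        events.append((base + timedelta(minutes=i), "alice",
                       r"\\fs01\finance", f"report{i}.xlsx", "write"))
    # Burst: one account rewriting 120 files on three shares within 30 seconds.
    shares = (r"\\fs01\finance", r"\\fs01\hr", r"\\fs02\projects")
    for i in range(120):
        events.append((base + timedelta(minutes=10, seconds=i // 4), "bob",
                       shares[i % 3], f"doc{i}.docx", "write"))
    return sorted(events)

def detect_mass_modification(events, window=timedelta(seconds=60),
                             min_files=100, min_shares=2):
    """Return {account: details} for accounts that modify >= min_files distinct
    files on >= min_shares shares within one sliding window.
    The thresholds are assumed starting points and need tuning per environment."""
    recent = defaultdict(deque)   # account -> (time, share, file) inside the window
    alerts = {}
    for ts, account, share, name, op in events:
        if op not in ("write", "rename"):
            continue
        q = recent[account]
        q.append((ts, share, name))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        files = {(s, n) for _, s, n in q}
        touched = {s for _, s, _ in q}
        if (account not in alerts and len(files) >= min_files
                and len(touched) >= min_shares):
            alerts[account] = {"first_alert": ts, "files": len(files),
                               "shares": sorted(touched)}
    return alerts

if __name__ == "__main__":
    for account, info in detect_mass_modification(make_sample_events()).items():
        print(account, info)
```

In practice the events would come from file server auditing, and an alert would trigger disabling the account or isolating the host rather than just printing.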

God help you if your domain accounts are all admins… I mean, who would do that, right guys?

In all seriousness, offsite backup is the one sure way of making sure you’re protected. Depending on the strand, it can be really nasty.

Still on the same topic: is Cryptolocker/ransomware still dangerous if the users are running Windows and all of their work files are in Nextcloud? (The files are edited using that online LibreOffice.)

I mean, in that condition, if the Windows client got infected, the files in Nextcloud are still safe, right? (Until someone figures out how to make the ransomware use an active Nextcloud session to destroy files in Nextcloud, maybe.)

If the computer was using a local tool to sync the files with Nextcloud instead of just using the cloud versions, then it would likely tamper with those files too. You should be able to mitigate the problem by having a revision.