Cryptolocker how does it spreed on network


simply, i know cryptolocker virus can spreed on a hole network. but how do it do this?
and can it spreed beond the firewall via say an open VPN connection or if some ports are open between two firewalls?


The lateral movement of cryptolocker is most often via what ever shares the infected host has permission to. So if the victim’s host computer has read/write access to many shares they often will all be encrypted.


ok so it needs some sort of shared file-system to move?


Many of them do, but there are always variants that have other methods and new attacks are being developed every day. Also, many of these still begin with emails and do send out more emails to get more victims.


ok, if you have some open ports to a client computer for some remote maintenance could that be a security risk in this scenario?


Yes, if there is a connection then there is a possibility.


IF your talking about 3389 open for RDP purposes, then yes.


God help you if you if a domain admin account is compromised. It will hit all your administrative shares instantly and all systems will be encrypted. Other than excellent behavior based endpoint security software that will detect a mass encryption event an excellent backup is your best defense IMO.


God help you if you domain accounts are all admins…I mean who would do that, right guys?

In all seriousness, offsite backup is the one sure way of making sure you’re protected. Depending on the strand is can be really nasty.