A typical ransomware infection can begin with any of the following vectors:

• Email messages that carry downloader trojans, which attempt to install ransomware
• Websites hosting exploit kits, which attempt to exploit vulnerabilities in the browser and other software to install ransomware

More recent ransomware have worm-like cabilities that enable them to spread to other computers in the network. For instance, Spora drops ransomware copies in network shares. WannaCrypt exploits the Server Message Block (SMB) vulnerability CVE-2017-0144 (also called EternalBlue) to infect other computers. A Petya variant exploits the same vulnerability, in addition to CVE-2017-0145 (also known as EternalRomance), as well as stolen credentials to move laterally across affected networks.

This information is sourced from SPF-STAGING