Hi Mike_winsp,
I believe I can help.
So my question is, does anyone know if the virus can be spread by attempting to open an already encrypted document? Or is it only spread by a PC / Server contracting the infection from web site / internet drive-by, running an infected executable?
The encrypted files themselves are harmless: the threat cannot spread by attempting to open them.
You are correct that the threat can only infect a machine via drive-by download or if a user is tricked into running an executable (something that arrived by email, for example, a .pdf pretending to be an invoice but actually had a .exe).
With Cryptowall, I believe that drive-by downloads are the most common means of infection. Definitely be sure that all browsers and third-party plug-ins to browsers (Flash, Java, etc.) are patched up-to-date. Also be sure that IPS and Download Insight components are in place on the endpoints: AV alone is no longer enough for comprehensive protection!
The other big recommendation is to close open network shares: that would limit any damage just to that one computer. If that computer has mapped network drives that it can access without prompting the user for a password, then the threat running on the victim computer will go there and sabotage all the material it can on that remote drive, too.
Hope this helps!!
Mick
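
A way to check the mapped-drive exposure described in the reply above, as an added example that is not part of the original post: run in an ordinary user's session, it lists each mapped network drive and whether that user can write to it without a credential prompt. The function name `Test-ShareWritable` and the probe file name are hypothetical.

```powershell
# Added example (not from the original post): audit which mapped network
# drives the current user can write to without being prompted for a password.
# Those are the drives a threat running as this user could also modify.

function Test-ShareWritable {
    param([Parameter(Mandatory)][string]$Path)
    # Probe by creating a uniquely named empty file, then deleting it again.
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        # Access denied, share offline, or credentials required.
        return $false
    }
}

# Win32_MappedLogicalDisk lists the drive letters mapped in this logon session;
# ProviderName is the UNC path behind each letter.
$report = foreach ($disk in Get-CimInstance -ClassName Win32_MappedLogicalDisk) {
    $root      = "$($disk.DeviceID)\"
    $reachable = Test-Path -LiteralPath $root
    [pscustomobject]@{
        Drive     = $disk.DeviceID
        Remote    = $disk.ProviderName
        Reachable = $reachable
        # Only the share root is probed; subfolders may have different ACLs.
        Writable  = $reachable -and (Test-ShareWritable -Path $root)
    }
}

$report | Sort-Object Drive | Format-Table -AutoSize
```

Drives reported as writable that the user does not need to write to are candidates for unmapping or for read-only permissions on the share.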