ransomware – Ransomware: Main means of lateral movement

I was looking for an overview that summarizes the main methods for lateral movement of ransomware. To be clear, I am not looking for the main infection vectors but rather for the main services / ports or applications ransomware exploits to spread laterally once it is inside the network already.

I was unsuccessful, though, given that most summaries focus on the initial infection vectors. My best guess is that most ransomware instances make use of: SMB, RDP, flat AD implementations and known Windows vulnerabilities (DoublePulsar, issues with the printer spooler, etc.).