CryptoProtect is not doing this by Remote (anything.) It's just one of many reasons I see what you described.
There are tomes about how such happens such as http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/ and the links there.
As written I don't agree with more firewalls. It's more of an issue where your users click or run something they shouldn't have.
Bob
I have a Dell Inspiron 15 3000 Series with Windows 8.1.
I have turned off Remote everything except Procedure Call to stop access to my computer.
I am unable or just don't know how to block all incoming connections using the firewall.
I want to do this because files are deleted before my eyes on my USB drive and others are made read access only.
How do I protect myself from Remote Access and altering.

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic