There are some simple, CHEAP, and straight forward steps to stop ransomware.
No one should be administrator of anything with the ID they use to surf the web or open emails, or use removable media.
Least rights. People should have the Minimum rights they need to do their job, no more, no less.
IT personal should have a separate and dedicated device to preform Admin work, this Device should NOT be able to access the internet, Email, or removable media.
Moving files from "internet accessible computers" to "administrative computers" should be scanned multiple times to ensure there is no malicious software.
If your Entire company has been taken down from a ransomware attack it is because someone with administrative rights to everything downloaded and installed ransomware software.
Your Cybersecurity policy is lax and/or not followed.
Read more at Woods LLP