“Drive-by” infections from ad networks and emails that are a lot like phishing messages are the two causes I’ve seen. Specifically, emails trying to convince you they contain legal documents or other must-reply data. I keep a Linux VM around for checking the file extension and erasing the emails from the webmail.
Having good backups and doing a wipe/reinstall (or replace drive/reinstall) seems to be the best tactic for fixing it. When the ransomware starts revising the BIOS or writing to PRAMs elsewhere in the system (video card firmware, for example) is when things will be really awful. It also doesn’t seem to travel much out of the original infected PC.
A good ad-blocker is at least as important as a good antivirus program these days. Or you could upgrade to Linux.