Just want to add... the best defence against ransomware isn't a piece of software, or firewall, or whatever. Users are going to open attachments, or click on sketchy links no matter what you do.
The best defence against ransomware is to have a good backup.
And it's good to have a backup anyway, just in case of hardware failure, fire, or mass evacuation, or whatever
The rule I follow for backups is: 3 backups of important stuff. 2 different media / types of backup. And at least 1 off-site.
I use Crashplan and Backblaze for the really important stuff. With encrypted copies on Google Drive (unlimited space).