This year has been big. The attackers are gaining access email accounts and collecting information on what you prefer to look at, purchase, and do. They are not stealing credit card information. Instead, they get a very good idea about who you are, who you email, and what about. Then they deliver a message that is very realistic to trick you into installing their cryptography software. They also send mail out to all of your contacts to begin the process with them.
Way back in 2012 I mentioned this behavior and it falls into a category called social engineering. If you watch the news you will hear mention of several cyber attacks that originate from outside the us.
These attacks are being waged against corporations that have the money to pay the ransom. It is big. Companies end up paying in bitcoin. Normally decryption software is delivered if the demands are met. Would it not be easier however to educate yourself and your employees to prevent such an attack?