As someone else said while I was writing this: That's the problem. You don't have to click on anything. You browse to a page that has a dodgy ad and, voila, the ad exploits a vulnerability in Flash to drive-by download the virus exe to your system.
The advert itself might look like it's a blank white screen or an ad for the latest Norton or whatever.
I think the only way to stop this is for everyone to stop clicking on adverts. No exceptions. Then online advertising becomes unviable for whoever is paying the ad companies. So they stop paying.
Eventually, the ad men go out of business and the Internet is a better place without them.
And as for backups, my best idea so far is a Linux server (raspberry pi with a USB hard disk or two) that drags files across from shared folders on my computer to a read-only network share that it holds, keeping old versions of files as long as the available disk space allows. That way all your files are backed up and you can go back to how any file was before it got encrypted.
That requires you to over provision your backup hard disk, of course, and you still need to nuke Windows if you get infected.
Sorry. That turned into more of a rant than I expected.