It seems that email phishing is the main reason for successful ransomware attacks, doesn't it?
There are many technical answers at different levels (firewall, mail server, client) to mitigate, but the most efficient one is users education. And by education I mean repeat the information again and again.