I don't think there is an easy answer to ransomware. It's really user error. You could implement the latest in endpoint inspection which specialises in this field like Crowdstrike or Cybereason. Both have some integrations, but if you want true firewall integration - Palo…