The reason is the direct nature of the attack. There’s no connection to a suspicious subdomain, no payload to download and no relying on the user to run a suspicious “upgrade” to a Windows component.
Simply open the email attachment promising unexpected riches and, to misquote the 1980s game Zero Wing, “All your file are belong to us”.
It’s little wonder that ransomware gangs are setting up customer helplines for bemused punters queuing up to get their files back.
For Firefox, the go-to solution here is the NoScript plugin (which is the one I’m most familiar with). By default, NoScript blocks all scripts on a domain-by-domain basis. It’s easy and quick to unblock trusted domains as you go, while leaving all others (including those called by the primary domain) securely blocked. This not only serves as an extra line of defence, but also prevents some adverts from being displayed without sites accusing you of using an ad blocker. It’s also very interesting, and sometimes worrying, to see just how many secondary domains some of your favourite websites rely on to deliver content.