Ransomware are malicious software which encrypt datas from their victims and ask for a ransom in exchange for the key to decrypt them. The problem is that most of the time, attackers don’t even give the key to their victims after they have paid.
The ANSSI (National IT Security Agency in France) advise companies not to pay, first of all to discourage these kind of attacks, but also because nothing guaranty that you will get your data back and untouched (hackers might have infected them with a spyware).
If there is more and more propagation methods everyday (“Locky” have more than 100 variant), the open door is often the opening of an infected attachment in an email or the execution of an unknown software. But some companies have been infected in the past just because of outdated servers or web browsers.
There is a lot of solution to help fight ransomwares (anti-virus, patch-management, user’s training) but none can totally make you safe.
The only solution : keeping external backups for several weeks
These kind of backup are made easier nowadays because of Cloud-based backup solutions.