Just out of curiosity - shouldn't Deepscreen pickup any ransomware? With the ransomware starts, Avast should Deepscreen it and watch what it's doing to the virtual environment. Once it sees cryptography going on, it warns the user that it may be unsafe - the user can then terminate it.
Or am I off base on that?