yeah you're right. we don't have the sample so we don't understand how it workedWhat about obfuscated executables embedded in the js? This is exactly RAA. It downloads other malware, but if it can't download, it still encrypts, executing the embedded executable. My point is, from this video, you cannot know for sure that is was a third payload downloaded from the internet that did the encryption. And if was embedded in the js, that's even worse, it's a static file that should have been detected. If this is the case, maybe the AV installed didn't got an update with the signature for this particular ransomware, or they didn't got the chance to build one (0-day variant).
Anyway, Avast is good, WD is good. I would probably choose Avast, it has to be at least a little bit better, why else would they release another free AV while WD is around?