Before giving an opinion specifically to the topic, IMO a few considerations.
Determining feature of the recent malware/ransomware has the ability to avoid antivirus detection.
We analyse the structure of these cyber attacks: if we click on a mail attachment or on infected web page, running a dropper that has essentially the task of communicating with a remote server to download the ransomware.
The dropper injects a process that gets information about the host system and communicates to the remote server.
In this way, the server is informed about which antivirus is running and if the version of the operating system has known exploitable vulnerabilities .
So the dropper is instructed to download a specific version of the crypto malware.
The dropper has downloaded on the machine, a version of the malware designed to circumvent our specific antivirus application, then it will be running by encrypting the file.
One of the most effective methods to work around AV protection is Process Hollowing.
The malware runs a legitimate process of Windows, but in suspended mode. At that point, it empties the memory in use by the same process and injects the payload, and in this way, the malware is run under the hat of the legitimate process and it does not allow the antivirus to detect it in any way.
Then there are methods to avoid detection within the sandbox.
For example, the ransomware detects, using techniques of increasing complexity (service discovery, registry keys, computational features of the processor, or specific instructions on the use of resources), the presence of a virtual environment, while remaining inert. The user will then consider it safe by running it outside of the protected area, triggering the actual infection.
The other technique is to create the polymorphic viruses, or use the payload that is known code but obfuscated, so avoiding detection by antivirus, also for example, by encrypting the executable with different algorithms, or by compressing it in different containers.
It is obvious how these techniques make it virtually useless the signatures based antivirus.
In my opinion, never as now, the antivirus , alone, can hardly detects all these threats.
Specifically to the topic if I have to choose an AV for the best ransomware protection, whereas, as mentioned above, I might choose Avast/Hardened Mode/Agressive setup.
Because it is free, and although nothing is perfect, it has proven in my tests against ransomware a very good performance.
But remember that all the ransomware that I've tested, however, have been detected by Smartscreen filter at double click time, often people forget that.
But a strategy of prevention must necessarily have, in addition to an effective safety products, also a backup (and restore) reliable plan. Important the education of users and implementation of security policy to mitigate the potential destructive of these malware.
Sorry for prob. OT, but I think that it is necessary to understand the problem in its entirety before giving an opinion.