No antivirus will save you from encoders, forget about it as a measure of protection against encoders. Moreover, no one has and never will have 100% detection.

They only find these
Cyren W32/Dalexis.G.gen!Eldorado 20150429
F-Prot W32/Dalexis.G.gen!Eldorado 20150429
McAfee Downloader-CTB 20150429
Norman Heur.I 20150428
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150429
Zillya Downloader.CTBLocker.Win32.3 20150429

Judging by the comment to the article habrahabr.ru/company/eset/blog/248987
"We actually got caught - there was a user who could not resist opening the archive from some left site and infecting the network with this infection. Because of choice we didn’t have much - we had to pay.
The amount, apparently, varies, it took us $ 800. "
And the price of corporate antiviruses is $ 30 for a license, in your case $ 30 x 400 = $ 12,000 - it will be cheaper to pay extortionists.

Can I have a question from a noob in wine administration?
No complaints, just curious.
Here you have hundreds of workstations with servers, Casper - a lot of money inflated.
At the same time, it is impossible to apply the policy "The user can run programs only from two folders - Windows and Program Files"?
Windows seems to allow you to do this. You look, and Casper can be thrown away ...

It is recommended to install not KES, but KAWSEE on file servers.
Do not kick on the antivirus - not a single antivirus is guaranteed to save you from ransomware. On the mail server, drop emails with cab, js and scr, if this is allowed in your organization. Or at least flag them as suspicious.