Locked Windows (or even OS X)-PCs might be vulnerable to a quick drive-by-attack using network devices disguised as USB-sticks.
http://www.notebookcheck.net/Windows-Login-Hacked-with-USB-stick-in-a-couple-of-seconds.173940.0.html
Can't you use a static DNS to block this?
Out of necessity to cover our own needs and protect our clients, we created an application called RansomSaver. It is an Outlook add-in, and basically what it does is move new incoming infected email to a folder under the deleted items called RansomSaver. We provide this software for free and with no strings attached.
RansomSaver has been tested by KASPERSKY LAB using several industry-leading security solutions and found to be completely clean of adware/spyware components; SOFTPEDIA has also branded our application as trusted.
To download or see further information regarding RansomSaver please visit http://synergy-usa-llc.com/ransomsaver-overview.html