The issue is not the technology, it's humanity. No matter how many warnings you give people, no matter how many times you tell them "THIS IS REALLY BAD, DO NOT ALLOW THIS!" they will just click OK, and in most cases after not even reading the warning.
The problem is software has been crying wolf with inconsequential security warnings: Yeah, I get it, the SSL cert I'm using is self signed. User Account Control, and the MacOS password prompt, pops up for every little OS change, I really do trust the RDP/SSH computer I'm connecting to. No, my computer doesn't have a virus you shitty clickbait ad.
Users have become desensitized to security warnings, and ransomware is just the next evolution of this.