Go to watch wannacry, there was no exe to open, it only needed unpatched "ameliorated" windows
so yes, ransomware can appear out of thin air once an exploit is found.
That is just completely wrong, wannacry spreads through LAN to other computers by using an exploit called EternalBlue, it utilized Server Message Block v1 or SMB v1, a feature of Windows for the use of setting up device communication within a network.
The ransomware doesn't just pop into any computer, it has to still drop in as a payload, an executable into the intial computer most likely through phishing emails.
The reason why I don't care as much because I wipe my windows install every 2-3 months, which then proceeds into installing the latest version. Sooo yea.