Antivirus is reactive and will not adequately protect endpoints. If there is no signature available, like in your case, it's over.
IPS and firewall will block the communication so that the malware cannot reach back out to grab a private key, which starts the encryption process. WIthout it, it cannot encrypt.
SONAR uses behavioral analysis to detect it and Download Insight will stop downloads that have a bad reputation.
Also, SEP 11.x is end of support life so you need to move to 12.1 as soon as possible to reap the benefits of the newer features.
AV alone is not enough to stop this threat.