Best protection ?
For users about the best that can be done seems to be removing Flash and using NoScript and AdBlockPlus and setting your PC's DNS entries to use Google's public DNS (IP addresses 18.104.22.168 and 22.214.171.124).
The fix that is needed is to for all sites to stop linking to external ad supplier networks - all ads should be hosted on the main sites website and have NO SCRIPTING of any sort. (Possibly the way to enforce this would be to make sites liable for any damage caused by their code or code from other sites that they serve to users)
(If you are on windows 10 and cannot remove Flash from the Microsoft browsers - make yourself safer by using a different brower (Firefox or Chrome) and if you have a firewall with program control (eg Norton) then block IE and Edge from all internet access.)