Stop with the network shares please ...
It seems to me that nearly every network share I have ever come across would have been more useful as a version control system than a big dumb file storage area. Even before ransomware became a big issue, the increased auditability and resistance to user error seemed compelling advantages.
If I had to secure a network share, in the quickest and cheapest possible manner, I'd think about scheduling a job to nondestructively* copy all the files in it to a nonshared filesystem on a regular basis.
It's not a substitute for regularly made and regularly tested backups, but it might expedite getting prior copies of ransomed files back.
* using some system to prevent existing files being overwritten with new versions (even just something like rsync --backup --suffix `date +%Y%m%dT%H%M%S` would do the trick)
Biting the hand that feeds IT
