Don't have server write to backup shares; have backup device pull data.
The approach I use for backups is to have a backup system (Linux running 'backintime') pull data from the servers. The backup systems do not have shares on them; they only attach to shares on the server. I have nightly and hourly backups - some kept locally - and at least 2 backup media kept off-site. Standard portable hard drives (currently using 2 TB) keep nightly backups for 3 weeks, then a couple months of weekly backups, and finally monthly backups. Periodically phasing in a new drive allows years of monthly data to be readily available. Using this approach, the chance of any backup getting infected is reduced by orders of magnitude.
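Added example, not part of the comment above and not backintime's own logic: a sketch of the tiered retention schedule it describes, meant to run on the pulling backup host so that pruning decisions never depend on the servers being backed up. The name `plan_retention` is hypothetical, and reading "a couple months" as 60 days is an assumption.

```python
from datetime import date

NIGHTLY_DAYS = 21  # "nightly backups for 3 weeks" (from the comment)
WEEKLY_DAYS = 60   # assumption: "a couple months" read as 60 days


def plan_retention(snapshots, today):
    """Split snapshot dates into (keep, prune) lists, oldest first.

    Within the weekly and monthly tiers the oldest snapshot of each
    bucket is kept, so a snapshot that has been retained once is never
    displaced by a newer one ageing into the same bucket.
    """
    keep, prune = [], []
    weeks_seen, months_seen = set(), set()
    for snap in sorted(set(snapshots)):
        age = (today - snap).days
        if age <= NIGHTLY_DAYS:
            # Nightly tier. This also covers future-dated snapshots
            # (clock skew), which are never pruned automatically.
            keep.append(snap)
            continue
        if age <= WEEKLY_DAYS:
            # Weekly tier: one snapshot per ISO (year, week).
            bucket, seen = tuple(snap.isocalendar())[:2], weeks_seen
        else:
            # Monthly tier: one snapshot per calendar month.
            bucket, seen = (snap.year, snap.month), months_seen
        if bucket in seen:
            prune.append(snap)
        else:
            seen.add(bucket)
            keep.append(snap)
    return keep, prune


if __name__ == "__main__":
    # Constructed sample data: one snapshot date per entry.
    sample = [date(2024, 3, 15), date(2024, 4, 2), date(2024, 4, 20),
              date(2024, 6, 3), date(2024, 6, 8), date(2024, 6, 9),
              date(2024, 6, 29)]
    kept, pruned = plan_retention(sample, today=date(2024, 6, 30))
    print("keep :", [d.isoformat() for d in kept])
    print("prune:", [d.isoformat() for d in pruned])
```
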