First, Kerry, I am really sorry to hear about this. If there are updates through your investigation with the FBI, please let us know. The more the FBI can research, the more chance the security community has to work on countermeasures.
Just as an update: Samas is indeed a very painful variant of ransomware. It used to target the healthcare vertical at first, but it seems it is growing and attacking other verticals now also. It is known to search for backup files; it can basically find the backup files of most of the backup vendors and deletes them. The worst part is that the malware that does it deletes itself after this, so it is difficult to trace it.
Getting some offline backups of your files is indeed a way to go, whether this is rotating devices, tapes, or a cloud service provider. I do feel your pain though when you are a small shop. I have been there, done that as an IT admin, and my solution against that was to take my tapes home with me (with permission of the boss). It is not fun, but then there is a day you will be happy that you went through that pain...
@mkretzer look at the ports that you need in our guides. There are certainly different measures that you can take (a search on this forum should give you enough discussions on the topic), but in the end, it will give you a false sense of security. By the time you are done with those measures, there is a new variant of malware that will easily bypass your measures. Only when there is an "air-gapped" copy do you have a safe copy (for now, who knows what can be done in the future).
As an example, when researchers figured out how to battle CryptoLocker version 2 (at least I believe it was 2), it took the bad guys 48 hours to write version 3 and we were back at the start... So as long as there is a connection, there is a danger. You can do your best to protect it as much as possible (and yes, please do so!) but have that additional air-gapped copy also... Just in case.