Ransomware is a broad topic, so any answer comes with limitations.
Generally, a ransomware attack will escalate privileges until it has root/administrator privieleges.
From there, any information present on the machine (passwords, encryption keys, etc) should be assumed to be in the hands of the attacker.
This means that you cannot have any protection on the machine that is hit, except perhaps in some dedicated protected hardware.
A backup can help you recover from an attack, provided that you can somehow prevent the destruction of the backup even if the attacker obtains the login credentials to the storage destination.