The same way you protect those network drives from an employee accidentally or intentionally deleting everything.
Limited permissions work, backups work, journaling data storage systems with an ability to rollback all changes work.
In most environments nowadays I guess there's no valid reason to have a literal "network drive" - if your users don't need to wrangle terabyte-sized data blobs, most environments can afford the overhead to have the company document/file sharing to happen in some system that stores full history of changes, and where normal users can not remove that history even if they're malicious or infected with malware. Probably even Dropbox or its competitors would be sufficient for that, no need to go to the more enterprisy vendors.
Not really, ultimately if someone has write to your network drive, it's not any different than malware having it. The best solution is a good backup and protecting your hosts from being infected as much as possible.
I believe some people were trying to do rate limiting and traversal detection, which should be possible, but also is common in many tools, like running grep or find on a network share, so it's far from a perfect solution. It could also probably be avoided by clever malware if it were to be widely deployed.
I read about ways to detect it early with FSRM, but never tried it:
https://chrisreinking.com/stop-cryptolocker-from-hitting-win...
Experts, chime in? What is out there in 2017 (paid or not paid) as a way to protect network drives from ransomware?