In that case what I’d do is:
- (as others have suggested) Disable UPnP on your gateway device.
- Religiously keep everything on your network patched.
- Adopt a backup strategy that ensures that a regular (preferably rotating) backup is always off-line and in no way accessible by any actions that can be made on any of your computers. This is the surest protection against ransomware.
- Test your backups regularly.
- Encrypt everything.
As far as anti-malware software goes, that’s a tricker recommendation. My view is that if you’re absolutely positively convinced that you don’t need it, that’s probably a good sign that you do 
(On a server that’s never used as a desktop, the need is lower, in my opinion)