Yep, make a bootable full backup of your system about once a month to an external hard drive. Once complete disconnect this dive and put it in a safe place. For even more safety use two external drives and rotate them every other month, just in case you’re newest backup happens to contain the ransomeware. Even from a full backup that’s a couple months old you should then be able to pull needed files back from your Time Machine backup.
So far, I’ve not needed my backup for this reason, normally needed due to a hardware failure, but it’s comforting to know it’s there if needed.
One other helpful tip: put a reminder on your schedule to perform this backup as it will require manual steps (connecting the external drive, running the backup, disconnecting the drive and storing it away) and you don’t want to forget to keep these backup fairly current.