Hacker News

quantadev 04/02/2025 6 replies

IMO the only way to perfectly protect yourself against ransomware attacks is with CD-Rs, because it's something not even hardware can alter. A skilled takeover of the root level of a machine can be encrypting everything and you'd never know it, until the day it denies your access, by deleting an encryption key until you pay up to get it back...you hope.


Replies

t90fan 04/02/2025

Things like RDX backup cartridges have a physical write-protect lever on them.

A few years ago (before affordable cloud backup offerings) this was fairly common for Small Businesses to use, for this reason.

theamk 04/02/2025

Modern backup systems use reference counting mechanisms, which means you can set up any old versions policy you want. Something like "last 3 annual backups + last 12 monthly ones + last 8 weekly ones + last 30 daily ones" will help a lot against slow encryptors.

You'll want to ensure the malware can't destroy your backup, but that is possible too. A traditional way is to have a separate backup machine that runs the backup program and pulls files remotely. Some backup apps can store directly to cloud storage and can work with "append only" permissions, to ensure that the client can't delete existing backups. In this configuration, a separate trusted machine must run pruning periodically.

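Added example, not part of the thread and not taken from any backup tool: a sketch of how the "3 annual + 12 monthly + 8 weekly + 30 daily" policy from the comment above picks snapshots to keep, and what that buys against a slow encryptor. The function names, the "newest snapshot per bucket" selection rule and the sample dates are assumptions made for illustration.

```python
from datetime import date, timedelta

# Bucket keys: snapshots sharing a key fall in the same day/week/month/year.
RULES = {
    "daily": lambda d: d,
    "weekly": lambda d: tuple(d.isocalendar())[:2],  # (ISO year, ISO week)
    "monthly": lambda d: (d.year, d.month),
    "annual": lambda d: d.year,
}

def select_keep(snapshots, daily=30, weekly=8, monthly=12, annual=3):
    """Return the snapshot dates the policy keeps (newest per bucket)."""
    limits = {"daily": daily, "weekly": weekly, "monthly": monthly, "annual": annual}
    newest_first = sorted(set(snapshots), reverse=True)
    keep = set()
    for rule, key in RULES.items():
        seen = set()
        for snap in newest_first:
            bucket = key(snap)
            if bucket in seen:
                continue  # a newer snapshot already represents this bucket
            if len(seen) == limits[rule]:
                break  # rule has its N buckets; older ones are not kept by it
            seen.add(bucket)
            keep.add(snap)
    return keep

def prune_plan(snapshots, **policy):
    """Split snapshots into (kept, deletable), each sorted oldest first."""
    keep = select_keep(snapshots, **policy)
    return sorted(keep), sorted(set(snapshots) - keep)

def newest_clean(kept, encryption_started):
    """Newest kept snapshot taken before the encryptor began, or None."""
    clean = [s for s in kept if s < encryption_started]
    return max(clean) if clean else None

def constructed_history(end=date(2025, 4, 2), days=1500):
    """Constructed sample data: one snapshot per day, ending at `end`."""
    return [end - timedelta(days=i) for i in range(days)]

if __name__ == "__main__":
    history = constructed_history()
    kept, deletable = prune_plan(history)
    print(len(kept), "kept,", len(deletable), "deletable; oldest:", kept[0])
    started = date(2024, 11, 15)  # constructed date the encryptor began
    print("restore point, tiered policy:", newest_clean(kept, started))
    daily_only, _ = prune_plan(history, weekly=0, monthly=0, annual=0)
    print("restore point, 30 dailies only:", newest_clean(daily_only, started))
```

In the append-only setup the comment describes, the deletable list would be acted on only by the separate trusted machine, never by the backed-up client.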
Dwedit 04/02/2025

Can a CD-R drive force a second pass burning over existing data to make the disc unusable? Perhaps with drive firmware modification.

WalterBright 04/02/2025

Disk drives used to have a write-enable jumper on them. No more.

ryao 04/02/2025

What about DVD-Rs and DVD+Rs?

berbec 04/02/2025

I use Dropbox.
