alt Hacker NewsModern backup systems use reference counting mechanisms, which means you can set up any old versions policy you want. Something like "last 3 annual backups + last 12 monthly ones + last 8 weekly ones + last 30 daily ones" will help a lot against slow encryptors.
You'll want to ensure the malware can't destroy your backup, but that is possible too. A traditional way is to have a separate backup machine that runs backup program and pulls files remotely. Some backup apps can store directly to cloud storage and can work with "append only" permissions, to ensure that client can't delete existing backups. In this configuration, a separate trusted machine must run pruning periodically.
Replies
And what they say in the industries that need to take this ultra seriously (Banking and Insurance companies, for example) an untested backup is not considered a good backup. And the only way to truly test a backup is install a fresh image of the entire OS (using checksums on the image too), so that you can read the data and make sure no clever ransome-ware software is secretly encrypting EVEN your backups.
oh, btw. "Blockchains solve this" haha.
That's all true, and probably a better system overall, but burning an optical disk, labelling it, and putting it on a shelf does feel like a more accessible backup regime for many people. :-)