by hibbelig
2151 days ago
The old backups are clean, yes. But newer backups (created after infiltration) will be contaminated. Immutable and append-only doesn't help because the files were already contaminated when backed up. The attacker could: get the victim infested with malware; ensure that the malware infects all new files; wait one year; then trigger the encrypt function. If the victim pulls a file that is newer than one year old from backup, the victim will pull the malware from backup. (Only if the file is of a type that could be infected in the first place, of course. README.txt will not be infected.)