by amelius 1842 days ago
Please note that backups aren't a good measure against ransomware, unless you do them absolutely correctly.

The problem is that ransomware will encrypt your files, rendering them useless, but they still end up in encrypted form in your backup.

Almost every backup system I've seen will keep multiple versions of the file around with decreasing frequency as time progresses, i.e. one for every day of last week, every Sunday of the last month, the first of every month for the last year, etc. That way if you get hit by ransomware, you can restore to a point in time where you are (fairly) sure no infection was present yet. Nothing is perfect, but this does give a decent amount of protection for "most" important files as they tend not to change that often. For things that do change often like databases, different strategies may be needed.
So long as the compromised system isn’t able to access and alter any historic backups.

Things like zfs snapshots or append-only backups help protect your backups by not permitting this.

Yes, but if your system is hacked, then any application (including your backup software) might "see" the file as unencrypted.
Yes? Some of your backups will be the encrypted version of the file. As long as your system remains hacked it is useless to restore anything. You will first need to purge every disk in your organisation and reinstall everything from scratch (depending on the sophistication of the ransomware, maybe just buy new disks altogether), THEN restore from a version that is good.
Yes, but backing up from an infected system is probably not a good idea. Better to mount the drives on a different system, and back up from there.
That's why you use WORM Tapes and versioned files if it's really important data.
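
The thinning retention schedule and point-in-time restore discussed in the thread, as an added example that is not part of any comment: it computes which snapshots survive pruning and which one to restore for a given suspected infection date. The function names, the window lengths (7, 31 and 366 days) and the sample dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumed window lengths for "last week", "last month" and "last year".
DAILY_DAYS, WEEKLY_DAYS, MONTHLY_DAYS = 7, 31, 366

def retained(snapshots, today):
    """Snapshot dates that survive pruning under the thinning schedule."""
    keep = []
    for d in sorted(set(snapshots)):
        age = (today - d).days
        if age < 0:
            continue  # ignore anything dated in the future
        daily = age < DAILY_DAYS
        weekly = age < WEEKLY_DAYS and d.weekday() == 6  # 6 = Sunday
        monthly = age < MONTHLY_DAYS and d.day == 1
        if daily or weekly or monthly:
            keep.append(d)
    return keep

def restore_point(kept, suspected_infection):
    """Newest retained snapshot taken strictly before the suspected
    infection date, or None if retention does not reach back that far."""
    clean = [d for d in kept if d < suspected_infection]
    return max(clean) if clean else None

def exposure_days(kept, suspected_infection):
    """Days of changes lost between the restore point and the infection."""
    rp = restore_point(kept, suspected_infection)
    return None if rp is None else (suspected_infection - rp).days

# Constructed sample: one snapshot per day for the 400 days up to TODAY.
TODAY = date(2021, 3, 20)
SNAPSHOTS = [TODAY - timedelta(days=n) for n in range(400)]

if __name__ == "__main__":
    kept = retained(SNAPSHOTS, TODAY)
    print(len(kept), "snapshots retained out of", len(SNAPSHOTS))
    # The longer the infection went unnoticed, the coarser the restore point.
    for infected in (date(2021, 3, 18), date(2021, 3, 5), date(2020, 1, 1)):
        print("infected", infected,
              "-> restore", restore_point(kept, infected),
              "| days lost:", exposure_days(kept, infected))
```

The schedule only decides which versions exist; as the replies point out, it helps only if the compromised system cannot alter those retained versions.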