by GordonS 1217 days ago
> when automating your backups, what's a good way to make sure your rolling backups aren't simply backing up malware-encrypted files?

Maybe you could check the level of entropy (measure of randomness) of files before backing up - very high entropy could suggest encrypted data?

1 comments

This is good. Some antivirus programs run this check, but some ransomware adapted by encrypting 16-byte AES blocks every so often in the file, so that the file becomes useless without entropy increasing too much.

Also, JPEG, PNG, .jar, .xlsx, etc. are already compressed, so pretty high entropy to begin with.

As others have pointed out, the growth rate of your de-duplicated backup size is probably the best way to detect ransomware.
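An added example (not code from either commenter) comparing the two signals discussed in this thread: a whole-file entropy threshold and the share of new chunks a de-duplicating backup would have to store. All data is constructed; the 7.5 bits/byte threshold, the 4096-byte fixed chunk size and the SHA-256 output used as a stand-in for ciphertext are assumptions.

```python
import hashlib
import math
import zlib
from collections import Counter

CHUNK = 4096     # assumed fixed-size dedup chunk
THRESHOLD = 7.5  # assumed whole-file alert level, bits per byte

def filler(n, seed=b"constructed"):
    """Deterministic high-entropy bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def new_chunk_ratio(old, new):
    """Fraction of chunks in `new` absent from a dedup store holding `old`."""
    def digests(b):
        return [hashlib.sha256(b[i:i + CHUNK]).digest()
                for i in range(0, len(b), CHUNK)]
    known, current = set(digests(old)), digests(new)
    return sum(d not in known for d in current) / len(current)

def sparse_overwrite(data, stride=CHUNK, block=16):
    """Test fixture: one 16-byte high-entropy block per stride."""
    buf = bytearray(data)
    for off in range(0, len(buf) - block + 1, stride):
        buf[off:off + block] = filler(block, off.to_bytes(8, "big"))
    return bytes(buf)

# Constructed sample data: name -> (yesterday's copy, today's copy).
ROWS = (b"%06d,invoice,%s\n" % (i, filler(12, b"%d" % i).hex().encode())
        for i in range(4000))
DOC = b"".join(ROWS)
ZIPPED = zlib.compress(DOC)  # stands in for an already-compressed format
CASES = {
    "rows appended": (DOC, DOC + b"004000,invoice,0123456789abcdef01234567\n"),
    "fully overwritten": (DOC, filler(len(DOC))),
    "sparse 16-byte blocks": (DOC, sparse_overwrite(DOC)),
    "unchanged compressed file": (ZIPPED, ZIPPED),
}

if __name__ == "__main__":
    for name, (old, new) in CASES.items():
        h = entropy(new)
        print(f"{name:26} entropy={h:.2f} flagged={h > THRESHOLD} "
              f"new_chunks={new_chunk_ratio(old, new):.0%}")
```

The entropy threshold flags the unchanged compressed file and misses the sparse case, while the new-chunk ratio stays low for the ordinary edit and the unchanged file and jumps for both overwritten variants.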