There is very little software that is ransom-safe. People talk of cloud object locking, but that's not worth anything if they just cancel the account with the vendor or go into the config and turn that lock off. For the versioning you mention, wouldn't it be possible to just cancel whatever storage you use for these versions? After how long do you delete the data then, can't an attacker encrypt all files that you haven't touched in a year (so you don't notice right away) and wait for all the old backups to be gone, then hold all your old pictures and tax documents you might still need etc. for ransom?
A pi is actually a great solution because it's quiet and tiny, so you can place it at a friend's place and use physical access whenever you need to work on it. No need for the backed-up (potentially ransomed) system to have any access to it, ever, beyond the append-only encryption/authentication key for adding new backup data.
A pi is actually a great solution because it's quiet and tiny, so you can place it at a friend's place and use physical access whenever you need to work on it. No need for the backed-up (potentially ransomed) system to have any access to it, ever, beyond the append-only encryption/authentication key for adding new backup data.