Re: I've asked before, but:
My understanding is that some of these ransomware do not change date / time stamps so be interested to see what method you approach to detect changes
One way mirror can be good, but depends on how it detects changes. It may also copy over the encrypted files
Also most of the ransomware so far only works on mounted drives / volumes
I have 2 drives that are on my server. I have a routine that mounts them, unlocks, copies, locks and dismounts. One is weekly, the other monthly and for my data, they have numerous versions
I have a manual copy stored at a remote location
I have my own remote NAS running at a family friend that is constantly updated
I have a couple of online cloud providers that are backing up my key data with various version controls.
I can guarantee that someone will find holes in that too, or I may find I have been hit at some point and not been aware no matter how careful I am, or the creators of this crap get more inventive themselves
The GFS backup is good, but when I used to deal with backups' I'd prefer the Tower Of Hanoi approach often supplemented with additional daily and non overwritten monthly's