We are using Veeam B&R to make a nightly backups and backup Copies.
All VM's of our 2 ESXi hosts are backed up each night to the HD of our Veeam Server, which is a physical server close to the 2 hosts.
Immediatly after the backups, the Backup copies are made to a NAS (Raid10) which is located on the other side of the building, and connected via iSCSI to the Veeam Server.
We have been hit before with ransomware, but Veeam saved the day with simple restores.
Because we are using 'always connected' hard drives as backup medium (for both backups and backup copies), it is not impossible that our backups should get encrypted as well.
I am a big fan of using HD as backup medium, because I like my backups as automated as possible. Manually rotating USB drives or
tapes just requires too much discipline

Anybody got some advice to protect against backup encryption on 'always on' HD media?
Don't want to be hit by ransomware and discover that the backups are useless...
- We are using surebackup to test are backups nightly.
- Now our Veeam Backup server is joined to the domain. Which means that if the ransomware knows the domain admin pw, it can start encrypting our Server VM's AND the backups. Would it be usefull to throw the Veeam Backup Server off the domain and use a local account only (with different credentials)?