How do you defeat ransomware? Versioning, that is how you defeat it (and other malware). Let me explain...
There was a time when the only options for backup & recovery was versioning in the form of a tape device. You put a blank tape into the device, the backup job ran during off hours and the tape was automatically ejected once the backup job completed. So that tape represents one version of your critical data and it has the added advantage of being physically separated from all systems after being used. Fast forward to now when its all about continuous backup of data. An excellent concept and useful for backup & recovery of certain types but take a step back and consider how versioning works in the context of continuous backup. Part of the answer comes from the type of backup & recovery solution that you are paying for. If you're willing to spend a bit more money, you can put a solution in place that allows for versioning of data and that is a critical factor. Do not assume that whatever solution you have allows for versioning, make the vendor prove it. Another aspect of versioning has to do with the way the vendor has built out their back-end systems. Are they multi-tenant? Does your data literally sit right next to another customer's data? If something infects your data, can it jump and infect another customer's data? Don't laugh, don't dismiss this because there are documented cases of this happening. And the infection could go back months.
Have a backup to your backup & recovery solution. Independent of whatever cloud-based backup & recovery solution have an additional in-house process for backup & recovery of critical data. I know its a bit old school but tapes are still a viable, cost effective solution. Automate the process & rotating the tapes will allow for your own "version" of "versioning."