I use a folder on my attached mass storage hard drive to store backups. The program that creates the backups runs as administrator, so it makes sense to me not to allow other users to access this folder. I changed the permissions on the folder to only allow administrators. The account I use is a standard user, and I elevate my privileges only to complete administrative tasks.
Users have read and list privileges, and administrators have read and write.
Go to Folder Properties, select the Security tab and click Advanced.
Click Disable inheritance.
Choose Remove all inherited permissions …
Now you have a clear box.
Add Administrators with Full control, then add Users with Read.
Click the Add button.
Choose Select principal
Type Administrators and click Check Names
Ensure the admin permissions are as follows:
Do the same for Users. However, ensure Users have these permissions:
Your box should look like this.
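The same steps from an elevated PowerShell prompt, as an added example that is not part of the original post. The path `D:\Backups` is a placeholder, and granting Users the `Read` right is an assumption matching the "read and list" access described above. The final check lists any non-administrator entry that still allows writing or deleting.

```powershell
# Added example. Run from an elevated prompt. D:\Backups is a placeholder path.
param([string]$BackupPath = 'D:\Backups')

# Well-known SIDs, so the script does not depend on the display language.
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # BUILTIN\Administrators
$users  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'  # BUILTIN\Users

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -LiteralPath $BackupPath

# "Disable inheritance" + "Remove all inherited permissions".
$acl.SetAccessRuleProtection($true, $false)

# Clear any explicit entries so the list starts empty.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# Administrators: Full control. Users: Read (assumed to match "read and list").
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $admins, 'FullControl', $inherit, $prop, $allow)))
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $users, 'Read', $inherit, $prop, $allow)))

Set-Acl -LiteralPath $BackupPath -AclObject $acl

# Verify: no Allow entry outside Administrators may carry write or delete rights.
$writeBits = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$sidType   = [System.Security.Principal.SecurityIdentifier]
$risky = (Get-Acl -LiteralPath $BackupPath).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq $allow -and
        $_.IdentityReference.Value -ne $admins.Value -and
        ($_.FileSystemRights -band $writeBits)
    }

if ($risky) {
    Write-Warning 'Non-administrator entries can still modify the backup folder:'
    $risky | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    Write-Output "OK: only Administrators can modify $BackupPath"
}
```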
Assuming ransomware has not escalated to administrator privileges, your backup folder should be safe. For this to work, I run as a standard user and only elevate my privileges for requests I recognise. This does assume I have a backup on another device in case this folder is compromised.