Hi,
writing file backups into a container would make sense. Especially when running the backup host on windows. This would help to protect against ransomware running on the backup server. VHDX would be nice as it can be easily read by modern windows os.
An alternative would be to set the read-only flag on the backup’d files in the backup folder and store the original flag in the database.
If you have ransomware running on your backup server, you should probably get a new one.
Container would be nice, but it is way easier to pull the file out of the indexed spot and slap it back into place on a machine.
As far as if you back something up with ransomware… Well, Anti-Virus/Malware is a thing.
How would a software defined container help against ransomware? As long as it’s not technically impossible to write to the raw drives you can ‘encrypt’ them (for good - such as full disk encryption or for bad - such as ransomware).
If you’re worried about ransomware on your server, don’t use a Windows host (or any sort of monoculture) and keep a set of backups on read-only media (such as a WORM drive).