Digital999
Luminary

Ransomware recovery

Everyone has been patient responding to prior questions about backup.  All recommendations discuss the fact that snapshots are no substitute for good backup.
Assume periodic backups and off-site storage of same.

Assume daily snapshots with custom setting occurring at about 4:00 AM.  Retention period is longer than time frame between periodic backups. 

Two possible events -- Ransomware hits and stuff is scrambled or somebody compromises an important file.  
To recover, my idea is to restore the periodic backup first for the case of Ransomware.

Then select the appropriate (most recent) snapshot and recover data.

  • A recent test indicated the ability to download the appropriate files to the workstation and pick and choose the file and recover it to the workstation and in turn move it to the NAS.  Works fine for somebody who inadvertently contaminates a file.  
  • For an entire share that has been restored my idea would be to select the most recent snapshot and recover in place for the entire share.  

Does that sound like the appropriate approach?

Sandshark
Sensei

Re: Ransomware recovery

Typical recovery of a major or total loss is to first restore the most recent snapshot prior to the event, then use a backup job to copy only newer or absent files from the remote backup (though there may not be any in your scenario).  That does the faster snapshot recovery first and only does the slower copying of files from the backup as needed.
For a small data loss, you can simply restore individual files or folders from snapshot if you know what they are, or you can clone a snapshot and then use a backup job to restore newer/missing files from the clone to the original share.  Since a clone is basically a visible snapshot, an alternative is to temporarily enable snapshot visibility and restore newer files from there, but I've never tried that using a ReadyNAS backup job.  If the backup is more recent, you can follow by a restore of newer files from it.
The risk of using snapshots for a total loss as a consequence of ransomware is that it usually encrypts the original files.  Since the new encrypted files differ from the ones in the snapshot, they will start to fill the available space and the NAS will start deleting snapshots if that space runs out.  So, that's a risk if you keep your NAS pretty full and is a good reason to make external backups as often as practical.
StephenB
Guru

Re: Ransomware recovery
@Digital999 wrote:
To recover, my idea is to restore the periodic backup first for the case of Ransomware.

Then select the appropriate (most recent) snapshot and recover data.

There is an option to Allow Snapshot Access, and you need to make sure that option is disabled.  For some reason (totally unfathomable), Netgear decided to give the users write permissions for the snapshots when you use that option.  So ransomware infecting the PC can encrypt the snapshots also.  You can still Allow access to Windows Previous Versions.
As @Sandshark says, one limitation here is that the NAS will automatically start deleting snapshots when the volume gets too full.  By default, this happens when the volume reaches 90% full.  While you can adjust that threshold, you do need to understand that if the volume does get completely full, then BTRFS starts misbehaving (which can result in the volume failing). So I don't recommend raising that threshold (and raising it doesn't help much anyway).
As a result, you do need to keep an eye on the amount of free space.  If you kept the volume at no more than 40% full, then even if ransomware encrypts the entire volume you'd still end up at < 80%.  Then you should always be able to restore the most recent un-encrypted snapshot.

Of course encrypting the entire volume over the network will take some time, so if you know the attack is happening you can disconnect the NAS from the network before the volume fills.  In that case you could survive the ransomware attack with less free space.  If the ransomware has infected the NAS OS itself, you'd probably end up needing your off-site backup (rebuilding the NAS from scratch). 
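The free-space argument in the post above, worked through as an added example (not code from the thread or from NETGEAR): it models the volume as copy-on-write, where every encrypted file keeps its old blocks referenced by the snapshot and adds new blocks, and computes how full the volume can be before a full encryption pushes it past the snapshot-pruning threshold. The 90% threshold is the default quoted above; the assumption that ransomware rewrites each file in full is mine.

```python
"""Model of snapshot survival on a copy-on-write NAS volume under ransomware.

Assumptions (mine, not from NAS documentation):
- the ransomware rewrites every file it encrypts in full, so each encrypted
  byte stays referenced by the snapshot AND appears again as new data;
- the NAS starts deleting snapshots once usage reaches `prune_threshold`
  (0.9 is the default mentioned in the thread);
- `overhead` models ciphertext being slightly larger than plaintext.
All quantities are fractions of the total volume size.
"""


def usage_after_encryption(used_fraction, encrypted_fraction, overhead=0.0):
    """Volume usage once `encrypted_fraction` of the live data has been rewritten."""
    if not 0 <= used_fraction <= 1 or not 0 <= encrypted_fraction <= 1:
        raise ValueError("fractions must be in [0, 1]")
    new_data = used_fraction * encrypted_fraction * (1 + overhead)
    return min(1.0, used_fraction + new_data)


def max_safe_fill(prune_threshold=0.9, overhead=0.0):
    """Largest fill level at which encrypting the whole volume still stays
    below the pruning threshold, so the last clean snapshot survives."""
    return prune_threshold / (2 + overhead)


def encryptable_before_pruning(used_fraction, prune_threshold=0.9, overhead=0.0):
    """Fraction of live data that can be encrypted before snapshots start
    being deleted (1.0 means the entire volume can be encrypted safely)."""
    if used_fraction <= 0:
        return 1.0
    frac = (prune_threshold - used_fraction) / (used_fraction * (1 + overhead))
    return max(0.0, min(1.0, frac))


if __name__ == "__main__":
    # The thread's own numbers: 40% full, default 90% pruning threshold.
    print("usage after full encryption at 40%% full: %.0f%%"
          % (100 * usage_after_encryption(0.4, 1.0)))
    print("max safe fill for a 90%% threshold: %.0f%%" % (100 * max_safe_fill()))
    # A fuller volume: at 60% full only half the data can be encrypted
    # before the NAS starts pruning snapshots.
    print("encryptable before pruning at 60%% full: %.0f%%"
          % (100 * encryptable_before_pruning(0.6)))
```

Raising the threshold, as the post notes, buys very little: `max_safe_fill(0.95)` is only 47.5%, while a completely full BTRFS volume brings its own failure mode.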
