I have all my business clients on systems that work to prevent the issue and recover easy if the prevention was unsuccessful.
But say you have many home users (friends, family etc) with a single backup drive and no budget.
Currently I've experimented with setting the permissions on their backup drives to the "administrator" account only, so that even the people that insist on being a local admin user can't access the backup drive (cryptolocker won't be able to also).
But in the case of an RDP attack the scammer will just reset passwords/permissions or nuke the backup drive.
What to do ?