Yes, Retrospect 18 offers encryption:
End-to-End Security:
Retrospect supports a variety of encryption algorithms, including AES-256, for both at-rest and in-transit security options
Definitely, though it’s important that those drives not be connected to the machine before the ransomware is removed, or they could be encrypted or damaged as well at that point. That’s an advantage of Internet backup as long as there’s versioning in place so you can always roll back to before the ransomware-encrypted data started to be backed up.
The real problem with ransomware is that there’s sufficiently big money involved that the crazy hypotheticals have to be considered seriously. For instance, Backblaze has versioning so it would seem to provide protection. But there are ways that Backblaze backups can be deleted by the user, so if the ransomware could simulate those actions, it could prevent Backblaze from being a possible restoration option. That’s why the way Retrospect uses Cloud Object Lock to create immutable backups is important—there’s no theoretical attack that can affect its data. (Short of a massive infiltration of an entire cloud service provider and the assumption that there’s some possible way of disabling Cloud Object Lock as a result of that infiltration.)