
Ransomware and Virtual Images

Posted: 2018/05/13 13:57:21
by ov10fac
I recently came under attack by a ransomware virus that pretty much wiped everything out. Fortunately we had backups so were able to pretty much restore our systems. But that got me thinking about ways to prevent infections to begin with. So here's my question.

If I run Windows in a VM, and keep copies of the image on external hard drives, are those images subject to a virus infection, specifically can a ransomware virus attack those backup images? I can't find any information on any ransomware attacking any Linux systems, and for good reasons, but I would suspect a Windows system running in a VM would still be subject to the same attacks. So if I keep copies on external drives, and if necessary swap the external drive connections every other day?

Re: Ransomware and Virtual Images

Posted: 2018/05/13 15:11:25
by TrevorH
> If I run Windows in a VM, and keep copies of the image on external hard drives, are those images subject to a virus infection, specifically can a ransomware virus attack those backup images?

Not if you unplug the drives after backing the images up...

Re: Ransomware and Virtual Images

Posted: 2018/05/14 03:41:17
by ov10fac
That's one way, but then if I did a normal backup and unplugged the drive it would also be protected. Problem is the drives may not be accessible every day so the drive would still be plugged in, but unmounted. Also the files would be qcow2 and not actually running as VMs so are those files vulnerable if not actively running as VMs?

Re: Ransomware and Virtual Images

Posted: 2018/05/18 19:26:31
by hunter86_bg
If you use KVM on CentOS, you can make live snapshots (package qemu-kvm-ev), then just copy the read-only disk image and later merge both disks (before and after the snapshot).
Many enterprise solutions work on the same principle (like DP's VEPA backup for VMware) and it can be quite reliable.
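
The snapshot, copy and merge sequence described in the post above, written out as an added example (not code from any poster in this thread). It uses libvirt's `virsh`; the domain name, disk target, image path, backup directory and the `backup-snap` snapshot name are assumed values, and by default the script only prints the commands it would run.

```bash
#!/bin/sh
# Added example: live backup of a running KVM guest via an external snapshot.
# Usage (all four values are assumptions for illustration):
#   DRY_RUN=0 ./live_backup.sh vm1 vda /var/lib/libvirt/images/vm1.qcow2 /mnt/backup
set -eu

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

run() {
    # Show the command, and execute it only when DRY_RUN=0.
    printf '+ %s\n' "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# live_backup DOMAIN DISK_TARGET BASE_IMAGE BACKUP_DIR
live_backup() {
    dom=$1; target=$2; base=$3; dest=$4
    overlay="${base%.qcow2}.backup-overlay.qcow2"

    # 1. External disk-only snapshot: the guest starts writing to the overlay,
    #    so the base image stops changing while the guest keeps running.
    run virsh snapshot-create-as "$dom" backup-snap --disk-only --atomic \
        --no-metadata --diskspec "$target,file=$overlay"

    # 2. Copy the now-stable base image to the backup drive.
    run cp --sparse=always "$base" "$dest/$(basename "$base")"

    # 3. Merge the overlay back into the base image and switch the guest
    #    back to it (active block commit).
    run virsh blockcommit "$dom" "$target" --active --verbose --pivot

    # 4. The overlay is no longer in use once the pivot has completed.
    run rm -f "$overlay"
}

# Run only when called with the four expected arguments.
if [ "$#" -eq 4 ]; then
    live_backup "$@"
fi
```

If the copy in step 2 fails, the script stops with the guest still running on the overlay; run the `blockcommit` step by hand before retrying.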