There is an alternate path for immutable for those that fit a specific configuration.
If you using Google Drive for your backup (many of us with unlimited accounts via school or work), you can do the traditional push up to Google Drive via Duplicacy. The only downside is that I have found that Google is rate limiting the upload for the API so you have to be more patient if moving TB’s.
With your unlimited account (many of us on this for free), you can put TB’s up there for $0 additional monthly fees.
Now the part on the immutable. Just put Spanning Backup against this Google Drive account. It cost $40 per year which is $3.33 per month. It is an unlimited backup and 100% immutable. You cannot delete the data even if you wanted to do this. Plus, you can go back to any previous time in the history of the Google Drive account. This gives me an unlimited backup (my 6TB+) and fully immutable as well. Additionally, I am getting a cloud backup of my cloud backup so essentially 2 cloud backup of my data. Having said this, there is the bundled risk that if my original Google Drive backup of data via Duplicacy is bad so is the Spanning backup copy.
I still have other other things in place as part of the 3-2-1 backup and even go beyond that rule. My data is worth just too much to me and hard drives are cheap. So, I add in local cold backup using entirely different software from Duplicacy to remove that variable.
If you wanted to add another layer here so you can get your data back fast versus worrying about the download from Google Drive in the case the house burned down, etc., you can use Syncovery ( https://www.syncovery.com/ ) at a friends house and have this software run a one-way download of the Google Drive account with email updates so you know it is running smoothly. That comes at a one time purchase of the software and hardware. And, it is one way so anything hitting my friend’s computer most likely does not impact my Google Drive account upstream.
And, if someone hits me with ransomware and actually infects my Google Drive backup, I restore to Google Drive to a previous point prior the ransomware with Spanning via their web interface and then pull the drive from my friend’s house that gets one-way updates via Syncovery.
Final side note for those that are admins for G Suite where you can set-up numerous accounts, I suggest setting up an account just for this backup that you never use for email and never use a local Google Drive client software as a link. For me, the only thing that is accessing this unique G Suite account is the Duplicacy credentials using the Google Drive API. It would be a really aggressive ransomware attack to get that refined to impact this unique G Suite account. And, even if they did, Spanning backup is there to bail me out.