Consider the ransomware case - while all the files are being encrypted on your work machine, those encrypted versions are also syncing across live and overwriting your "backups". Or if it synchronizes deletes, accidentally deleting the file on your work machine also deletes the file from your "backup" once sync has completed.
File versioning / version history would help, if you have sufficient disk space for all the versions. But you can be more confident in the backup integrity if it is taken offline once completed - eg cloning a drive to an external drive, and then unplugging that external drive and putting it in storage until needed.
There is very little software that is ransom-safe. People talk of cloud object locking, but that's not worth anything if they just cancel the account with the vendor or go into the config and turn that lock off. For the versioning you mention, wouldn't it be possible to just cancel whatever storage you use for these versions? After how long do you delete the data then, can't an attacker encrypt all files that you haven't touched in a year (so you don't notice right away) and wait for all the old backups to be gone, then hold all your old pictures and tax documents you might still need etc. for ransom?
A pi is actually a great solution because it's quiet and tiny, so you can place it at a friend's place and use physical access whenever you need to work on it. No need for the backed-up (potentially ransomed) system to have any access to it, ever, beyond the append-only encryption/authentication key for adding new backup data.
