Duplicati currently keeps all its backup files from all versions of all source files in one destination folder.
If you keep the structure intact and don’t add non-Duplicati files, you should be able to move backup to whatever destination you like, so the easiest way to have single-version backup of backup is to clone it.
Emergency restore can be done directly from clone files, assuming timing was such that ransomware didn’t clobber that too somehow, including possibility of sync/clone software propagating the damage… Keeping configuration information somewhere safe will help, because the goal is to restore the backup.
is answered above. An unmodified clone of the backup file area should do “direct restore” just as well as original did. When it comes time to get back into the backup business, full DB Recreate should work too.
It’s awkward because recycling old space is impossible (perhaps a maintenance window for compact is a tolerable risk – if an attacker is camped on your system waiting for that, you’ve got a very severe problem).
Defense against trojans gets into a discussion of an append-only approach to file changes as a defense…
EDIT:
The REPAIR command (which is being rewritten so I’m not sure what it will do when/if the rewrite finishes) can alter remote files to try to line up the local database records and the remote. One unfortunate accident that can happen is if an old DB is restored from a backup, repair will consider later backup files as extras and delete them. So in that case, the inability to delete the newer backup files would become a “feature”…