These filers have snapshot operation, i.e. they take snapshots at specified moments in time so you can go back in the past and see a file as it was back then, and copy it back to the current state. At some point in time, old snapshots are deleted. There appears to be some mechanism so that he hourly snapshots created today are being deleted in a few days, leaving a single snapshot for that day, and after some time those are deleted leaving a single one for the week, etc.
Correct me if I am wrong, but my guess is that these snapshots live in the "available space" on the volume. So, the more available space you have and the less activity on the filesystem (file modifications), the longer the history of snapshots that you can refer back to.
My fear is that there will appear ransomware that not only encrypts your files (with an unencrypted copy still existing in the snapshots), but will also fill the filesystem with large files with random data, filling up the free space and thus deleting the snapshots.
I don't know how these filers are configured and if there may be some mechanism that prevents the trojan to use up all available free space and thus delete the last valid snapshot, but I am not so sure that this would save us. After all, the trojan may choose to become active at friday evening when everyone has gone home and use the entire weekend to do its work and even ensuring that any further snapshots are from the encrypted data.
This whole garbage would then also be replicated to the backup filer, triggering the same mechanism there. Unless the space on the backup filer is much more than on the main filer, it may effectively overwrite all backup snapshots as well.
So it might be save with very clever configuration, but unfortunately my experience with outsourced services is that the operators optimize on profit rather than on optimal technical configuration. When discussing nifty features you invariably see them think "that will cost more man-hours, we are not going to do that unless it is paid by the hour". So let's assume for now that it has not been cleverly configured and we can only be saved by the manufacturer who might have put a clever default there.
Notice that those filers do not even trigger an alarm when there is a job from a single machine that reads and rewrites tens of thousands of files at high rate. That would certainly be something to consider, in my world.