Improving Backup System Evaluations in Information Security Risk Assessments to Combat Ransomware

Abstract

Ransomware is the fastest growing malware threat and accounts for the majority of extortion based malware threats causing billions of dollars in losses for organizations around the world. Ransomware is a global epidemic that afflicts all types of organizations that utilize computing infrastructure. Once systems are infected and storage is encrypted, victims have little choice but to pay the ransom and hope their data is released or start over and rebuild their systems. Either remedy can be costly and time consuming. However, backups can be used to restore data and systems to a known good state prior to ransomware infection. This makes backups the last line of defense and most effective remedy in combating ransomware. Accordingly, information security risk assessments should evaluate backup systems and their ability to address ransomware threats. Yet, NIST SP-800-30 does not list ransomware as a specific threat. This study reviews the ransomware process, functional backup architecture paradigms, their ability to address ransomware attacks, and provides suggestions to improve the guidance in NIST SP-800-30 and information security risk assessments to better address ransomware threats.