Improving Backup System Evaluations in Information Security Risk Assessments to Combat Ransomware

Jason Earl Thomas, Gordon C. Galligher


Ransomware is the fastest growing malware threat and accounts for the majority of extortion based malware threats causing billions of dollars in losses for organizations around the world. Ransomware is a global epidemic that afflicts all types of organizations that utilize computing infrastructure. Once systems are infected and storage is encrypted, victims have little choice but to pay the ransom and hope their data is released or start over and rebuild their systems. Either remedy can be costly and time consuming. However, backups can be used to restore data and systems to a known good state prior to ransomware infection. This makes backups the last line of defense and most effective remedy in combating ransomware. Accordingly, information security risk assessments should evaluate backup systems and their ability to address ransomware threats. Yet, NIST SP-800-30 does not list ransomware as a specific threat. This study reviews the ransomware process, functional backup architecture paradigms, their ability to address ransomware attacks, and provides suggestions to improve the guidance in NIST SP-800-30 and information security risk assessments to better address ransomware threats.

Full Text:



Copyright (c) 2017 Jason Earl Thomas

License URL:

Computer and Information Science   ISSN 1913-8989 (Print)   ISSN 1913-8997 (Online)  Email:

Copyright © Canadian Center of Science and Education

To make sure that you can receive messages from us, please add the '' domain to your e-mail 'safe list'. If you do not receive e-mail in your 'inbox', check your 'bulk mail' or 'junk mail' folders.