Method for ransomware impact assessment and remediation assisted by data compression

US10318743B2 · US · B2

Patent metadata
Field: Value
Publication number: US-10318743-B2
Application number: US-201615392848-A
Country: US
Kind code: B2
Filing date: Dec 28, 2016
Priority date: Dec 28, 2016
Publication date: Jun 11, 2019
Grant date: Jun 11, 2019

Abstract

Official abstract text for this publication.

Assessing ransomware impact includes receiving an indication of a first plurality of files stored on a user device and a classification for each of the first plurality of files, determining a second plurality of files stored in a remote storage, wherein the second plurality of files corresponds to an indication of files stored on the user device at a first prior time, wherein each of the second plurality of files are associated with a second classification, determining a third plurality of files comprising files included in the first plurality of files and not included in the second plurality of files, and calculating a risk assessment based on classifications for each of the third plurality of files.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer readable medium storing software for assessing ransomware impact, comprising instructions that when installed and executed cause one or more processors to: based on an identification of a ransomware attack, an indication of a first plurality of files stored on a user device, and a classification for each of the first plurality of files, determine a second plurality of files stored in a remote storage, wherein the second plurality of files corresponds to an indication of files stored on the user device at a first prior time, wherein each of the second plurality of files are associated with a second classification; determine a third plurality of files including files included in the first plurality of files and not included in the second plurality of files; calculate a risk assessment based on a third classification for each of the third plurality of files, the third classification formed based on the first classification and the second classification; and output the risk assessment and a signature representing the third plurality of files for remediation of the third plurality of files based on the risk assessment.

2. The computer readable medium of claim 1, wherein the third classification of the third plurality of files indicates a relative recovery value of the third plurality of files.

3. The computer readable medium of claim 1, wherein the instructions to calculate the risk assessment further include instructions that cause the one or more processors to: determine that the second plurality of files are corrupt; in response to determining that the second plurality of files are corrupt, identifying a fourth plurality of files corresponding to an indication of files stored on the user device at a second prior time; and calculating the risk assessment further based on classifications for each of the first plurality of files not included in the fourth plurality of files.

4. The computer readable medium of claim 3, wherein the second plurality of files are hosted by a first cloud storage service, and wherein the fourth plurality of files are hosted by a second cloud storage service.

5. A method for improving assessment of ransomware impact, comprising: based on an identification of a ransomware attack, an indication of a first plurality of files stored on a user device, and a classification for each of the first plurality of files, determining a second plurality of files stored in a remote storage, wherein the second plurality of files corresponds to an indication of files stored on the user device at a first prior time, wherein each of the second plurality of files are associated with a second classification; determining a third plurality of files including files included in the first plurality of files and not included in the second plurality of files; calculating a risk assessment based on classifications for each of the third plurality of files, the third classification formed based on the first classification and the second classification; and outputting the risk assessment and a signature representing the third plurality of files for remediation of the third plurality of files based on the risk assessment.

6. The method of claim 5, wherein the third classification of the third plurality of files indicates a relative recovery value of the third plurality of files.

7. The method of claim 5, wherein calculating the risk assessment further includes: determining that the second plurality of files are corrupt; in response to determining that the second plurality of files are corrupt, identifying a fourth plurality of files corresponding to an indication of files stored on the user device at a second prior time; and calculating the risk assessment further based on classifications for each of the first plurality of files not included in the fourth plurality of files.

8. The method of claim 7, wherein the second plurality of files are hosted by a first cloud storage service, and wherein the fourth plurality of files are hosted by a second cloud storage service.

9. A system for assessing ransomware impact, comprising: one or more processors; and a memory coupled to the one or more processors and including instructions executable by the one or more processors to cause the system to distribute software to at least: based on an identification of a ransomware attack, an indication of a first plurality of files stored on a user device, and a classification for each of the first plurality of files, determine a second plurality of files stored in a remote storage, wherein the second plurality of files corresponds to an indication of files stored on the user device at a first prior time, wherein each of the second plurality of files are associated with a second classification; determine a third plurality of files including files included in the first plurality of files and not included in the second plurality of files; calculate a risk assessment based on classifications for each of the third plurality of files, the third classification formed based on the first classification and the second classification; and output the risk assessment and a signature representing the third plurality of files for remediation of the third plurality of files based on the risk assessment.

10. The system of claim 9, wherein the third classification of the third plurality of files indicates a relative recovery value of the third plurality of files.

11. The system of claim 9, wherein the instructions to calculate the risk assessment further include instructions that cause the system to: determine that the second plurality of files are corrupt; in response to determining that the second plurality of files are corrupt, identify a fourth plurality of files corresponding to an indication of files stored on the user device at a second prior time; and calculate the risk assessment further based on classifications for each of the first plurality of files not included in the fourth plurality of files.

12. The system of claim 11, wherein the second plurality of files are hosted by a first cloud storage service, and wherein the fourth plurality of files are hosted by a second cloud storage service.

13. A computer readable medium comprising instructions for improving risk assessment, executable by one or more processors to: identify a first plurality of files stored in a user device at a first time; determine a first value classification for each of the first plurality of files; generate an indication of the first plurality of files at the first time, the indication including the first value classification and information regarding the first plurality of files to form a signature for remediation of malware with respect to the first plurality of files; and transmit, to a recovery server, the indication of the first plurality of files at the first time for backup storage.

14. The computer readable medium of claim 13, wherein the first value classification is based on a relative replacement value of each of the first plurality of files.

15. The computer readable medium of claim 13, wherein the value classification is based on a uniqueness of each of the first plurality of files.

16. The computer readable medium of claim 13, wherein the instructions to generate the indication of the first plurality of files at the first time includes instructions executable by the one or more processors to: compress the first plurality of files; and store the compressed first plurality of files with a timestamp for the first time.

17. The computer readable medium

Classifications

  • Vulnerability analysis · CPC title

  • eliminating virus, restoring damaged files · CPC title

  • Computer malware detection or handling, e.g. anti-virus arrangements · CPC title

  • G06F21/577 (Primary)

    Assessing vulnerabilities and evaluating computer system security · CPC title

  • Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10318743B2 cover?
Assessing ransomware impact includes receiving an indication of a first plurality of files stored on a user device and a classification for each of the first plurality of files, determining a second plurality of files stored in a remote storage, wherein the second plurality of files corresponds to an indication of files stored on the user device at a first prior time, wherein each of the second…
Who is the assignee on this patent?
McAfee Inc, McAfee LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 11, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).