While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
A. Pay the ransom within 48 hours.
B. Isolate the servers to prevent the spread. Most Voted
C. Notify law enforcement.
D. Request that the affected servers be restored immediately.
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown s
-
answerhappygod
- Site Admin
- Posts: 899604
- Joined: Mon Aug 02, 2021 8:13 am
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown s
Join a community of subject matter experts. Register for FREE to view solutions, replies, and use search function. Request answer by replying!