You are a cybersecurity analyst tasked with responding to a ransomware attack on your company's network. Which of the following actions should be prioritized to limit the impact of the attack?
You selected this option
Implement compensating controls to protect other systems
In the case of a ransomware attack, isolating the affected systems is critical to prevent the malware from spreading to other systems. Disconnecting infected machines from the network ensures that the ransomware cannot communicate with external servers or compromise additional data. Re-imaging may be necessary later, but initially, isolation is the priority. Initiating a legal hold and compensating controls are also part of the broader response strategy but are not the first steps to limit immediate impact.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is isolating infected systems so important during a ransomware attack?
Open an interactive chat with Bash
What are some methods to effectively isolate infected systems?
Open an interactive chat with Bash
What steps should be taken after isolating infected systems?