You discover strange activity on a shared storage system where files are being encrypted and a fee is demanded for restoration. Which measure is most effective for containing the spread and recovering data?
Open external ports to scanning tools for accelerated identification of the attack
Disconnect the impacted resource and recover files from known-safe backups
Reset user account credentials to block unwanted access
Work out a payment agreement with the malicious group for faster data return
Removing the compromised instance from the network eliminates the source of file corruption. Restoring from previous backups provides a clean state, ensuring that data is not still compromised. Resetting user credentials without isolating the infected system can fail to stop further encryption. Negotiating with attackers does not guarantee a secure restoration. Opening firewalls to external scanning services can create additional risks without addressing the root cause.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the best practices for creating and maintaining backups?
Open an interactive chat with Bash
How does removing an infected system from a network prevent further spread?
Open an interactive chat with Bash
Why is paying ransom to attackers not considered a reliable solution?