A user calls the help desk to report that none of the files on a PC will open. The user also indicates a program on the desktop is requesting payment in exchange for file access. A technician verifies the user's PC is infected with ransomware. Which of the following should the technician do FIRST?
When handling a ransomware infection, the technician's first priority should be to prevent the malware from spreading or causing further damage. Quarantining the system is the most appropriate initial step. This will isolate the infected machine from the network and other devices, helping to contain the threat and limit its potential impact. Once the system is quarantined, further steps such as scanning and removing the malware, disabling System Restore, and scheduling automated malware scans can be taken.
After verifying the malware, quarantining would be the next step in malware removal process. Comptia Exam Objectives for malware removal. 1. Investigate and verify malware symptoms 2.Quarantine infected systems 3.Disable System Restore in Windows 4.Remediate infected systems a. Update anti-malware software b.Scanning and removal techniques (e.g., safe mode, preinstallation environment) 5.Schedule scans and run updates 6.Enable System Restore and create a restore point in Windows 7. Educate the end user
The answer is C because generally, quarantining a system is the first thing you do in malware removal. Then comes disabling system restore, then scan and remove the malware, and then schedule automated malware scans.
Quarantine it guys, don't want it to spread like wildfire.
Quarantine the unit to not affect other users if the ransomware can affect the network. It was not recoverable even if you paid them and some ransomware keys were exposed online.
Not great question but answer is C.
Always. Quarantine. First.