A company has been struck by a ransomware attack which has left their files encrypted. Prior to this incident, the company followed a strict data backup policy. In order to restore operations and recover from the attack, which of the following is the BEST immediate action?
Rebuild the affected systems from scratch
Isolate the infected systems and then negotiate payment with the attackers
Restore from last known good backups
Pay the ransom to quickly regain access to the encrypted files
Given that the company has a strict data backup policy, the best immediate action to recover from a ransomware attack is to restore from last known good backups. This enables the recovery of encrypted data without paying the ransom. Isolation of the infected system is important to prevent the spread of ransomware, but it does not help in data recovery. Paying the ransom is not advised because it does not guarantee data recovery and may encourage future attacks. Rebuilding the affected systems from scratch is resource-intensive and unnecessary if a recent backup is available.