RANSOMWARE INCIDENT ACTIVE
Ransomware Outbreak
03:15 AM. PagerDuty fires P1. EDR telemetry shows svchost_update.exe encrypting files at 400 MB/min across the finance VLAN. 8 workstations affected and rising. An employee reports their wallpaper changed to a ransom note demanding 45 BTC.
STEP 1/3
MITRE ATT&CK: T1486 Data Encrypted for Impact
What is your first action?