A user calls the help desk saying they cannot log into their Windows 10 workstation because a message claims their files are encrypted and they must pay a ransom. What is the most effective remediation approach?
Trap 1: Pay the ransom to get the decryption key
Paying does not guarantee decryption and supports criminal activity; it is not recommended.
Trap 2: Reboot into Safe Mode and run a malware scan
While scanning may remove the ransomware, it will not decrypt already-encrypted files; backup restoration is needed.
Trap 3: Run System Restore to a point before the attack
System Restore may not recover encrypted user files and could be ineffective if the ransomware has disabled it.
- A. Pay the ransom to get the decryption key
  Why wrong: Paying does not guarantee decryption and supports criminal activity; it is not recommended.
- B. Reboot into Safe Mode and run a malware scan
  Why wrong: While scanning may remove the ransomware, it will not decrypt already-encrypted files; backup restoration is needed.
- C. Disconnect from the network and restore files from a verified backup
  This isolates the infection and recovers the data without paying, following best practices for ransomware remediation.
- D. Run System Restore to a point before the attack
  Why wrong: System Restore may not recover encrypted user files and could be ineffective if the ransomware has disabled it.