During a ransomware incident, the organization discovers that all production backups have been encrypted by the attacker. What is the most effective recovery approach?
Immutable backups cannot be modified by ransomware and are reliable recovery sources.
Why this answer
Option D is correct because offline immutable backups are not accessible to the ransomware and provide a clean restore point. Option A is wrong because paying ransom does not guarantee decryption. Option B is wrong because system restore points may also be encrypted.
Option C is wrong because decryption tools often fail against modern ransomware.