Security
A company hosts its critical applications on a cloud provider's virtual machines within a virtual private cloud. The security team receives an alert from the intrusion detection system indicating that one of the VMs is exhibiting signs of a ransomware infection. The administrator connects to the VM via a bastion host and observes that several important files have been encrypted and a ransom note has been left. The incident response plan is still being developed, but the administrator knows the immediate priority is to contain the threat and prevent it from spreading to other VMs and storage resources. The company has daily backups stored in a separate cloud storage service that is not directly accessible from the production network. Which of the following actions should the administrator take FIRST to contain the incident and minimize further damage?