Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions:
+Shut down all network shares.
+Run an email search identifying all employees who received the malicious message.
+Reimage all devices belonging to users who opened the attachment.
Next, the teams want to re-enable the network shares.
Which of the following BEST describes this phase of the incident response process?
A.
Eradication
B.
Containment
C.
Recovery
D.
Lessons learned