Scenario
Ransomware incident - respond according to NIST guidelines
At 2:45 AM, the Security Operations Center (SOC) receives multiple alerts indicating suspicious file encryption activity on several workstations. Initial analysis suggests a ransomware infection. Multiple users report being unable to access their files, and ransom notes have appeared on affected systems.
Your role: Lead the incident response team through the proper NIST incident response lifecycle to contain and resolve this security incident while minimizing business impact and preserving evidence for potential legal action.
Instructions: Arrange the incident response steps in the correct order according to the NIST SP 800-61 Incident Response lifecycle. Some steps may occur in parallel, but arrange them in their logical sequence.
NIST Incident Response Lifecycle (Reference):
1. Preparation
2. Detection & Analysis
3. Containment
4. Eradication
5. Recovery
6. Post-Incident Activity
Arrange Incident Response Steps