CompTIA A+ Core 2 (220-1002) — Question 169

Many of the files in a user's network folder have a new file extension and are inaccessible. After some troubleshooting, a technician discovers a text document that states the files were intentionally encrypted, and a large sum of money is required to decrypt them.
Which of the following should the technician do to recover the files?

Answer options

• A. Restore the network folder from a backup.
• B. Perform a System Restore on the computer.
• C. Update the malware scanner and run a full scan.
• D. Disconnect the computer from the network.

Correct answer: D

Explanation

The correct action is to disconnect the computer from the network to prevent further encryption and to stop the spread of the ransomware. Restoring from a backup (A) may not be effective if the backup is also encrypted, System Restore (B) does not address the encryption issue, and updating the malware scanner (C) does not provide immediate protection against ongoing encryption.