An employee was conducting research on the Internet when a message from cyber criminals appeared on the screen, stating the hard drive was just encrypted by a ransomware variant.
An analyst observes the following:
– Antivirus signatures were updated recently
– The desktop background was changed
– Web proxy logs show browsing to various information security sites and ad network traffic
– There is a high volume of hard disk activity on the file server
– SMTP server shown the employee recently received several emails from blocked senders
– The company recently switched web hosting providers
– There are several IPS alerts for external port scans
Which of the following describes how the employee got this type of ransomware?
A . The employee fell victim to a CSRF attack
B . The employee was using another user’s credentials
C . The employee opened an email attachment
D . The employee updated antivirus signatures
Answer: A