Question 19:
Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions:
✑ Shut down all network shares.
✑ Run an email search identifying all employees who received the malicious message.
✑ Reimage all devices belonging to users who opened the attachment.
Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process?
Answer options:
A. Eradication
B. Containment
C. Recovery
D. Lessons learned