Ransomware is a type of malware that encrypts the files on a system and demands a ransom for their decryption1. Ransomware can also spread to other systems on the network or exfiltrate sensitive data to the attackers2. Therefore, it is important to isolate the infected machine as soon as possible to contain the infection and prevent further damage3. Powering off the machine is a quick and effective way of disconnecting it from the network and stopping any malicious processes running on it12. The other options are not directly related to preventing ransomware damage or may not be effective. Running a full antivirus scan may not be able to detect or remove the ransomware, especially if it is a new or unknown variant1. Removing the LAN card may disconnect the machine from the network, but it may not stop any malicious processes running on it or any data encryption or exfiltration that has already occurred2. Installing a different endpoint solution may not be possible or helpful if the system is already infected and locked by ransomware1.