This scenario involves an active cloud malware incident affecting operational systems. According to the ECIH cloud incident handling process, the priority after detection is containment and eradication using appropriate tooling. Cloud-specific security tools provide visibility into workloads, API activity, lateral movement, and malicious persistence mechanisms unique to cloud environments.

Option B is correct because deploying the cloud security tool enables identification of infected resources, malicious processes, compromised identities, and abnormal API usage. This allows responders to contain spread, remove malware, and restore integrity without unnecessary disruption.

Option A is an extreme business decision that could cause severe operational and financial damage and should only occur if safety is directly threatened. Option C is a communication step that must be based on verified impact. Option D is monitoring, not response.

ECIH emphasizes that incident response actions must be proportional, evidence-based, and targeted. Leveraging cloud-native or cloud-aware security tools is the most effective primary response in such incidents, making Option B correct.