Imagine a client has suffered a ransomware attack. What are your immediate first steps to contain and remediate the breach?