Walk me through how you would use the MITRE ATT&CK framework to assess AIG’s current defensive coverage against a specific ransomware group.