You receive an alert indicating potential ransomware activity on a segment of the corporate network. What are your immediate first steps?