It seems overwhelming to me thinking about what to do in this scenario. Where would you begin? Scans of the network, looking for vulnerabilities? How do you go about mitigating an issue without setting something else like ransomware? Would you need to have a clean back up of the network if this is the case?