Final answer:
The two aspects that were missed during the rush to isolate the hosts were essential information needed for data restoration and indicators of compromise for determining ransomware encryption.
Step-by-step explanation:
The two aspects that were missed during the rush to isolate the hosts were:
- Essential information needed to perform data restoration to a known clean state: When the hosts were shut down immediately without investigation, the opportunity to gather crucial information about the state of the system and the ransomware's impact was lost. This information is necessary to restore the affected data to a clean state.
- Indicators of compromise to determine ransomware encryption: By shutting down the hosts without investigation, the chance to examine and identify indicators of compromise, such as file changes, metadata, or log files, was missed. These indicators are key to understanding how the ransomware operated and how it encrypted the directories.