A major financial institution's computer incident response team $($CIRT$)$ is dealing with a complex cyber attack. The attack started with several spear phishing emails sent to crucial employees in different departments. These emails had skillfully crafted messages and appeared to have legitimate attachments. However, upon opening them, the initiation of a highly evasive and previously unknown malware launched. What steps should the CIRT take in the containment phase of the incident response process to address this advanced attack?

a$.$

Temporarily disable all user accounts and applications to prevent further spread of malware.

b$.$

Disconnect all affected hosts from the network and shut down all communication channels.

c$.$

Use network segmentation to isolate and monitor infected systems, to analyze the attacker$$s tactics.

d$.$

Immediately restore affected systems from backups and apply patches to prevent further attacks.