Hi,
We have just received a down alert for various websites, and when we log into the server all the /home/ packages have been deleted and there is a readme file demanding 1 bitcoin in 24 hours otherwise they will release the information they have on the server to the public.
Does anyone have any advice on steps I should take? I'm currently thinking:
1. Contact data centre to wipe the server
2. Reinstall cPanel
3. Restore backups
4. Check security etc
I assume we will have to report this to the UK ICO, but is there anything else we should look at before carrying out the steps above? I'm puzzled as to how they got access, as SSH is on an alternative port and root SSH is blocked without a sudo user.
Thanks.