In coordination with the Cyber security office, our wordpress infrastructure is back online as of 14:40 this afternoon and we have restored all the wordpress sites listed in the initial message.
Very fortunately we were able to restore them to a known clean state from backups that were made at 01:00:00 11/21/20213 (one AM this morning). This means that very few, (possibly no), changes were lost. However if you have made any changes to any of these sites this morning then you will need to make those changes again. We regret the inconvenience, but it was necessary to be confident that no residual evil remained.
The short story on the incident is that a very new vulnerability in a wordpress plugin made it possible for a baddy to insert some content on the server at 10:49 Am this morning. We became aware of it by 11 AM and soon after had made the content made unavailable to the internet. The server was patched, restored to a known clean state and put back into production by 14:40.
If you would like more details please feel free to contact us at email@example.com, we’d be happy to take the opportunity to brag about how well we managed the issue.