Recovering deleted resources and VMs after a compromise requires immediate action to mitigate further damage. Here are some steps you can take:
Contact Microsoft Support: While you mentioned that you have already raised a ticket, continue following up with Microsoft Support. Make sure to provide them with all the necessary information, including the date and time of the incident, affected resources, and any other relevant details. Request urgent assistance and emphasize the criticality of the situation.
Enable Azure Active Directory (AD) auditing: Azure AD auditing provides logs and records of activities within your Azure account. Enable auditing if it wasn't already done before the incident. This will help in investigating the breach and identifying the actions performed by the hackers.
Assess the extent of the compromise: Work with Microsoft Support to assess the impact and determine the scope of the compromise. Understand which resources have been deleted and the potential data loss. Document any evidence you have regarding the incident and share it with Microsoft Support.
Change credentials and enable Multi-Factor Authentication (MFA): As a precautionary measure, change all passwords associated with the compromised account. Additionally, enable MFA for added security. This helps prevent unauthorized access even if the hackers have the account credentials.
Review security logs: Check your Azure security logs for any suspicious activities or logins from unfamiliar IP addresses. Look for patterns or indicators that might help identify the attackers or their methods. Share these logs with Microsoft Support for investigation.
Restore from backups (if available): If you had backups configured for your resources, check if they are intact and accessible. Restore the deleted resources from the latest available backup.
Enhance security measures: Review your security practices and consider implementing additional security measures. This may include network security groups, firewall rules, Azure Security Center, and other Azure security features to help prevent future incidents.
Evaluate third-party security solutions: Consider utilizing third-party security solutions or engaging professional security services to help assess and enhance the security of your Azure environment.
Remember, time is of the essence in such situations. Continue pursuing Microsoft Support for assistance, provide them with all the necessary details, and emphasize the urgency of the issue.