How do I recover our resources and VM deleted by hackers that compromised our account?

ICS Outsourcing Limited 0 Reputation points

I am sending this mail in respect of the status of our Microsoft Azure account.

Users login details:

We noticed the account is compromised. The incident occurred on the 19th May 2023 at 3.22pm and affected the following on the Azure account.

  1. Unusual activities on our Azure account
  2. All resources not found or deleted
  3. All VM servers not found or deleted
  4. Backup not found or deleted
  5. Payment history not found or deleted
  6. Recent payment details not found and status of payment unknown
  7. Suspect account subscription changed
  8. Sending a ticket does not give the actual correct subscription details for the issue, and there has been no response yet more than 12 hours after sending the ticket to Microsoft.

We have taken a step by changing the login password to the Azure platform before the incident occurred, but we noticed the deed has been done. See our last payment ticket for April; it is not reflecting.

Reaching Microsoft help and support to treat or help analyse the issue with our account has been very difficult. It has been a big hold-up and it is seriously hampering our business.

Honestly, if we can't get a response from Microsoft on the issue on ground in the next 48 hours, we will relocate all our resources to another vendor.

Thank you and kind regards.


1 answer

  1. VasimTamboli 3,650 Reputation points

    Recovering deleted resources and VMs after a compromise requires immediate action to mitigate further damage. Here are some steps you can take:

    Contact Microsoft Support: While you mentioned that you have already raised a ticket, continue following up with Microsoft Support. Make sure to provide them with all the necessary information, including the date and time of the incident, affected resources, and any other relevant details. Request urgent assistance and emphasize the criticality of the situation.

    Enable Azure Active Directory (AD) auditing: Azure AD auditing provides logs and records of activities within your Azure account. Enable auditing if it wasn't already done before the incident. This will help in investigating the breach and identifying the actions performed by the hackers.

    Assess the extent of the compromise: Work with Microsoft Support to assess the impact and determine the scope of the compromise. Understand which resources have been deleted and the potential data loss. Document any evidence you have regarding the incident and share it with Microsoft Support.

    Change credentials and enable Multi-Factor Authentication (MFA): As a precautionary measure, change all passwords associated with the compromised account. Additionally, enable MFA for added security. This helps prevent unauthorized access even if the hackers have the account credentials.

    Review security logs: Check your Azure security logs for any suspicious activities or logins from unfamiliar IP addresses. Look for patterns or indicators that might help identify the attackers or their methods. Share these logs with Microsoft Support for investigation.

    Restore from backups (if available): If you had backups configured for your resources, check if they are intact and accessible. Restore the deleted resources from the latest available backup.

    Enhance security measures: Review your security practices and consider implementing additional security measures. This may include network security groups, firewall rules, Azure Security Center, and other Azure security features to help prevent future incidents.

    Evaluate third-party security solutions: Consider utilizing third-party security solutions or engaging professional security services to help assess and enhance the security of your Azure environment.

    Remember, time is of the essence in such situations. Continue pursuing Microsoft Support for assistance, provide them with all the necessary details, and emphasize the urgency of the issue.

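The log review described in the answer above, as an added example that is not part of the original thread: it triages subscription Activity Log records exported as JSON (for instance with `az monitor activity-log list`), keeps successful delete operations inside an incident window, and groups them by caller and client IP, marking IPs that caller had not used earlier in the export. The sample records, callers, IP addresses, resource IDs and the UTC window are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed records (not real data), shaped like `az monitor activity-log list` JSON output.
SAMPLE = json.loads("""[
 {"eventTimestamp":"2023-05-10T09:00:00Z","caller":"admin@example.com","status":{"value":"Succeeded"},"httpRequest":{"clientIpAddress":"198.51.100.5"},
  "operationName":{"value":"Microsoft.Compute/virtualMachines/write"},"resourceId":"/subscriptions/SUB/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1"},
 {"eventTimestamp":"2023-05-18T11:00:00Z","caller":"ops@example.com","status":{"value":"Succeeded"},"httpRequest":{"clientIpAddress":"198.51.100.5"},
  "operationName":{"value":"Microsoft.Compute/disks/delete"},"resourceId":"/subscriptions/SUB/resourceGroups/rg1/providers/Microsoft.Compute/disks/old-disk"},
 {"eventTimestamp":"2023-05-19T15:20:10Z","caller":"admin@example.com","status":{"value":"Succeeded"},"httpRequest":{"clientIpAddress":"203.0.113.7"},
  "operationName":{"value":"Microsoft.Compute/virtualMachines/delete"},"resourceId":"/subscriptions/SUB/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1"},
 {"eventTimestamp":"2023-05-19T15:21:30Z","caller":"admin@example.com","status":{"value":"Succeeded"},"httpRequest":{"clientIpAddress":"203.0.113.7"},
  "operationName":{"value":"Microsoft.RecoveryServices/vaults/delete"},"resourceId":"/subscriptions/SUB/resourceGroups/rg1/providers/Microsoft.RecoveryServices/vaults/vault1"},
 {"eventTimestamp":"2023-05-19T15:25:00Z","caller":"ops@example.com","status":{"value":"Failed"},"httpRequest":{"clientIpAddress":"198.51.100.5"},
  "operationName":{"value":"Microsoft.Storage/storageAccounts/delete"},"resourceId":"/subscriptions/SUB/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/sa1"},
 {"eventTimestamp":"2023-05-19T15:30:00Z","caller":"ops@example.com","status":{"value":"Succeeded"},"httpRequest":{"clientIpAddress":"198.51.100.5"},
  "operationName":{"value":"Microsoft.Compute/disks/delete"},"resourceId":"/subscriptions/SUB/resourceGroups/rg1/providers/Microsoft.Compute/disks/tmp-disk"}
]""")

def _ts(record):
    # Treat timestamps as UTC and keep whole seconds so fractional-second formats parse too.
    return datetime.strptime(record["eventTimestamp"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def triage_deletes(records, start, end):
    """Successful delete operations in [start, end], grouped by (caller, client IP).
    new_ip is True when that caller was never seen from that IP before `start`."""
    baseline, groups = defaultdict(set), defaultdict(list)
    for r in sorted(records, key=_ts):
        caller = r.get("caller", "unknown")
        ip = (r.get("httpRequest") or {}).get("clientIpAddress", "unknown")
        op = (r.get("operationName") or {}).get("value", "")
        when = _ts(r)
        if when < start:
            baseline[caller].add(ip)  # earlier activity builds the per-caller IP baseline
            continue
        succeeded = (r.get("status") or {}).get("value") == "Succeeded"
        if when <= end and succeeded and op.lower().endswith("/delete"):
            groups[(caller, ip)].append((when.isoformat(), op, r.get("resourceId", "")))
    return [{"caller": c, "ip": ip, "new_ip": ip not in baseline[c], "deletes": ops}
            for (c, ip), ops in groups.items()]

if __name__ == "__main__":
    start = datetime(2023, 5, 19, tzinfo=timezone.utc)  # constructed window around the reported date
    end = datetime(2023, 5, 20, tzinfo=timezone.utc)
    for finding in triage_deletes(SAMPLE, start, end):
        print(finding)
```

A caller whose deletes all come from an IP outside its own earlier activity is the first thing to include in the evidence shared with support, along with the timestamps and resource IDs listed for it.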