Some of our servers got hit with ransomware, which I uploaded to ID Ransomware. It was identified as REvil / Sodinokibi. We managed to restore the servers, but would still like to know where could have this came from and how did it spread? We do not have any Oracle WebLogic servers.
here is the complete guide :
Welcome to community!
I hope this link would help you.