Develop incident recovery plan

Document and make available to all involved parties:

• Configuration documentation: DNS, CDN, hosting login and contact details
• Website restoration: The Drupal website was brought back online after ensuring that all vulnerabilities were patched and malicious code was removed.
• Files restoration
• Database Reconnection: The isolated databases were reconnected to the website after confirming their integrity.
• Monitoring: Intensive monitoring was set up to observe system behaviour and network traffic
• Security audit of API keys: re-generate API keys