Hi All,
This weekend we had a hosted Windows 2008 R2 server go down.
On investigating we found a process running 100% CPU. It was running a BitCoin pool miner!
Found some other suspect stuff so this server is now offline.
I suspect it might be related to the recent NSA hack release. https://www.theregister.co.uk/2017/04/14/latest_shadow_brokers_data_dump/
Luckily there was nothing critical running on this server.