After this incident, things went well, after a month or so, suddenly, he took our network and said that we are receiving a DDoS attack, we asked for the records in which IP we are receiving the attacks and not all were provided, then 24 hours, everything happened. again online,
In the meantime, no updates or anything was provided, then, later, during the night, the network dropped again and told us that we were receiving a DDoS attack, we reviewed Dstat, the incoming traffic was regular.
Then we asked him, again and again, that he is receiving DDoS attacks, please give us some proof (I told him that if he would continue doing this, we will not continue from next month, this is not professional)
Upon hearing this, he finished my services and posted in his Discord Community saying that he is selling our data for free if someone wants it, that they can ping him, and he also suspended the service.
I asked for the data because we had essential customer data.
He asked for a ransom of 250 euros to recover the data and constant denial.
After that, my senior sent him a text message and had a conversation, and then he activated the backup of the services, but added a network speed of 1 Mbps up and 1 Mbps down.
We could not do anything on the dedicated server. Anyway, it was like a dead service, after my senior requested it, he returned to give a network of 1gbps, and we took a backup and, the next day, made the network with IDRAC from our dedicated server saying that is receiving a DDoS attack.
This time, it provided a screenshot of the input and output network, which had nothing to link to DDoS or anything.
Then, after several periods of inactivity of approximately 48 hours, my senior was also fed up with his behavior of not responding to this issue, or of telling us which IP we were receiving DDoS or something like that. He also said why being so unprofessional does not understand that we have customers to respond, finished the services instantly.
Without even notifying him, he formatted the disk or he was not sure (he could still have the data), he changed the password of IDRAC and ssh and sold it to someone else.
Be careful, it can happen to you too.
I am attaching all the evidence.