If an attacker gains control of the hypervisor, full access to the VMs is under threat. The following plans and ideas can help address this situation. This document records the ideas discussed among the SMEs.
Limit admin access.
Pen test the accounts to evaluate their security. Example: brute-force test on passwords.
Keep backups of the hypervisor and nodes for fallback/re-deployment.
Perform audits periodically.
Keep updated backups that can be written over the compromised systems.
Have a kill switch to stop the process.
To find a solution or learn the details of the risk that has occurred, the responder team is the first to be contacted.
Point of Contact: Rily and/or Robert
Point of Contact: Kyle and Haxhi