My little idea after reinstall from yesterdays backup and doing upgrade was to block access to port 8090 and port 7080 with csf
I add to csf.allow:
tcp|in|d=8090|s=1.2.3.4
tcp|in|d=7080|s=1.2.3.4
(1.2.3.4 means your own IP)
and removed any Port 8090 and 7080 from csf.conf
Its not 100% but maybe a little help
I had 7 infected servers. And one is infected by that encryption trojaner with .locked files 
Very stupid ppl who kills tthe system by locking system files…