So. the provider I'm using for my reseller account got itself taken out by a zero day exploit, which apparently wiped out their main drive and most of their backup drive.
My possibly incorrect interpretation of the email they sent out suggests that the attack was just on the one server. I'm wondering if they were silly enough to have the backup drive in the same machine or if they were just unlucky enough to have triggered the attack or had it running while doing a backup.