Not updated regularly.
But of course, I have no idea why your server was compromised.
Do you have backups of your Kirby sites? Maybe you can find out in the server logs when your server was hacked. I’d delete everything and replace with a backup that can’t possibly have been infected.
Most often, it seems, these things seem to happen when hosting provider still allows FTP access to the server. But there are many ways hackers can find their way in. Is this a managed server and do you maintain it yourself? There seems to be some scanning in place, otherwise those file with the .suspected extension wouldn’t exist, I guess.
So, time to tidy up.