Man that sucks.
Here's to having a great disaster/CERT program in place!
Bring up back up servers on seperate location, reroute DNS
Pull those compromised servers down, amend firewall policies, path the intrusion, eliminate platforms, remove/replace drive, and NSA/DHS probably would like the drives that were compromised.