Any detective to help with quest? Virus/worm on Ubuntu. Can not connect :(

Posted on August 29, 2016

I have 512 MB Memory / 20 GB Disk / AMS3 - Ubuntu LAMP on 14.04 droplet.

I have installed Prestashop.

It was working for a few months. But now it does not. Now:

  1. Does not ping from the outer world (“Request timeout for icmp_seq 0”.)
  2. I can not ssh to it (“ssh: connect to host 188.166.xx.xx port 22: Operation timed out”)
  3. I can access it only with native DigitalOcean Droplet Console.

In DigitalOcean Droplet Panel I see: Graphs:

  1. CPU usage almost constantly around 13%. (12 aug 2016 — CPU dropped from 14.5% avg flat to 13% avg flat.)
  2. Public in/outbound: 0.
  3. Constantly I see writing to disk: 0.6Mb/s. At around 17:30 every day I see a regular spike to CPU 19%, Disk read 1Mb/s, Disk write 1Mb/s.

If from the DigitalOcean Droplet Console:

  1. I can not ping www.google.com
  2. Can not see process list with ps or top — it hangs forever. Until I restart the Droplet.

I have created another Droplet. But from there I can not connect to my first droplet either:

```
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g-fips  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: /etc/ssh/ssh_config line 59: Applying options for *
debug2: resolving "188.166.xx.xx" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 188.166.xx.xx port 22.
debug1: connect to address 188.166.xx.xx port 22: No route to host
ssh: connect to host 188.166.xx.xx port 22: No route to host
```

Same "No route to host" if I go to "First" droplet and try to ssh to the "New" one.

The "First" Droplet Console lags quite a lot compared to the "New" one. So something is running there, but I can not see a process list.

--

Please help to either restore proper control.
OR
To copy DB data and archived prestashop. (Already did tgz and mysqldump.)

Maybe list me some commands you think I might try. I would really appreciate your help, guys!



Resolved: OK, so the problem was that DigitalOcean disabled my Droplet (and they sent an email with a notification which I did not see). They did it because some malware crawled through Prestashop and was a part of a DoS attack to somewhere.

So I had to use their web console to log in and make a database dump, make a zip backup of all files. So now they will move the data to a separate Droplet, and the old one will have to be destroyed or rebuilt (to retain IP).
