In today’s environment a great many compromised sites end up being WordPress exploits. Even when the app is kept up to date, a simple directory permission can cause quite the headache.
Many would say that you would need to delete the website and install a fresh WordPress instance.
It is recommended that you back up everything you can (Ask technical support through the support tickets to make a zip file for you if needed), this is both the files and the database on a regular basis.
If you haven’t backed up your site, you risk losing years of work and the hack is particularly pernicious, it is possible to clean the site utilizing an external site’s recommendation (Unaffiliated with Superb, so use with caution):