标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 kfed MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 2663 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (102)
- 数据库 (1,682)
- DB2 (22)
- MySQL (73)
- Oracle (1,544)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (24)
- ORA-xxxxx (159)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (15)
- ORACLE 21C (3)
- Oracle 23ai (7)
- Oracle ASM (67)
- Oracle Bug (8)
- Oracle RAC (53)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (565)
- Oracle安装升级 (92)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (79)
- PostgreSQL (18)
- PostgreSQL恢复 (6)
- SQL Server (27)
- SQL Server恢复 (8)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (37)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (20)
-
最近发表
- 断电引起的ORA-08102: 未找到索引关键字, 对象号 39故障处理
- ORA-00227: corrupt block detected in control file
- 手工删除19c rac
- 解决oracle数据文件路径有回车故障
- .wstop扩展名勒索数据库恢复
- Oracle Recovery Tools工具一键解决ORA-00376 ORA-01110故障(文件offline)
- OGG-02771 Input trail file format RELEASE 19.1 is different from previous trail file form at RELEASE 11.2.
- OGG-02246 Source redo compatibility level 19.0.0 requires trail FORMAT 12.2 or higher
- GoldenGate 19安装和打patch
- dd破坏asm磁盘头恢复
- 删除asmlib磁盘导致磁盘组故障恢复
- Kylin Linux 安装19c
- ORA-600 krse_arc_complete.4
- Oracle 19c 202410补丁(RUs+OJVM)
- ntfs MFT损坏(ntfs文件系统故障)导致oracle异常恢复
- .mkp扩展名oracle数据文件加密恢复
- 清空redo,导致ORA-27048: skgfifi: file header information is invalid
- A_H_README_TO_RECOVER勒索恢复
- 通过alert日志分析客户自行对一个数据库恢复的来龙去脉和点评
- ORA-12514: TNS: 监听进程不能解析在连接描述符中给出的SERVICE_NAME
分类目录归档:MySQL恢复
MySQL勒索恢复
最近遇到几个mysql数据库被黑客删除库,并且留下比特币勒索信息在每个库的WARNING表中
mysql> desc WARNING -> ; +-----------------+----------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-----------------+----------+------+-----+---------+-------+ | id | int(11) | YES | | NULL | | | warning | longtext | YES | | NULL | | | Bitcoin_Address | longtext | YES | | NULL | | | Email | longtext | YES | | NULL | | +-----------------+----------+------+-----+---------+-------+ 4 rows in set (0.00 sec) mysql> select * from WARNING; +------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ | id | warning | Bitcoin_Address | Email | +------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ | 1 | To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address 1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxxx,xxxxxx,xxxxxxxx,xxxxxxx . If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise. | 1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD | contact@sqldb.to | +------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ 1 row in set (0.00 sec)
大概的意思就是:我们已经把你的数据库备份,您交给我们0.06个比特币,我们把数据给你,如果10天之内我们没有收到款,即将把数据库给公开或者作为其他用途.根据我们以往接触的朋友经验,付款之后数据库也不会给你(很可能黑客根本就没有备份数据库,只是删除了数据库然后勒索比特币.
对于这类情况,通过分析,确认黑客是删除了数据库,在没有覆盖的情况下,我们可以对其数据进行恢复,处理类似:MySQL drop database恢复(恢复方法同样适用MySQL drop table,delete,truncate table)最大限度缓解因为数据库被破坏带来的损失.
如果您也遭遇到该问题,请保护现场,不要导入备份数据库,不要对数据所在分区进行写操作(现场保护的越好,数据恢复效果越好),对相关磁盘进行镜像,防止二次破坏.我们可以提供专业的mysql恢复服务,为您减少损失.
mysql 数据库目录被删除恢复
接到朋友请求,把mysql数据库的datadir目录给删除了,数据库目前还处于运行状态,但是很多操作已经无法正常进行
数据库可以登录,但是已经看不到任何业务数据库,可以结合表名查询
[root@hy-db-xff-s-110 mysql3306]# mysql -uroot -ptSQghoV^J1GE^U8*wPElImv5 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 443214 Server version: 5.7.21-log MySQL Community Server (GPL) Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | +--------------------+ 1 row in set (0.00 sec) mysql> select count(1) from xifenfei.orders; +----------+ | count(1) | +----------+ | 16451326 | +----------+ 1 row in set (4.17 sec)
数据无法导出(into outfile不行是由于secure-file-priv参数默认导致)
mysql> select * from xifenfei.orders into outfile '/bakcup/orders_new.sql' FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n'; ERROR 1290 (HY000): The MySQL server is running with the --secure-file-priv option so it cannot execute this statement [root@hy-db-cps-s-110 fd]# mysqldump -uroot -pwww.xifenfei.com xifenfei orders >/linshi/1.sql mysqldump: [Warning] Using a password on the command line interface can be insecure. mysqldump: Got error: 1049: Unknown database 'xifenfei' when selecting the database
因为mysql没有crash,因此相关文件已经存在(没有被真正删除)
通过此类方法恢复相关数据文件到新服务器上,然后尝试启动数据库,发现无法正常启动,有部分文件丢失,最后对单独ibd单独处理进行恢复,具体参考:[MySQL异常恢复]mysql ibd文件恢复,实现绝大多数数据的恢复,对于部分无法通过此类方法恢复出来的数据,在磁盘级别没有覆盖的情况下,可以先按照os层面方法恢复,参考:extundelete恢复Linux被删除文件,如果此类方法也无法正常恢复,可以尝试数据库磁盘碎片级别恢复:MySQL drop database恢复(恢复方法同样适用MySQL drop table,delete,truncate table)
mysql数据库被加密恢复
由于是mysql 5.6的版本,默认情况innodb引擎,Innodb_file_per_table参数默认为true,因此数据为每个表存在为一个单独的ibd文件中,让客户提供需要恢复的表的ibd被加密文件
通过一系列底层操作,实现数据完美恢复
如果是Innodb_file_per_table参数为false(5.6之前版本默认为false),需要通过ibdata文件进行恢复
如果您的数据库(oracle,mysql sql server)不幸被比特币加密,可以联系我们
Tel/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com提供专业的解密恢复服务.