-
加我微信
加我QQ
标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 kfed MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 2663 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (102)
- 数据库 (1,683)
- DB2 (22)
- MySQL (73)
- Oracle (1,545)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (24)
- ORA-xxxxx (159)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (15)
- ORACLE 21C (3)
- Oracle 23ai (7)
- Oracle ASM (68)
- Oracle Bug (8)
- Oracle RAC (53)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (565)
- Oracle安装升级 (92)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (79)
- PostgreSQL (18)
- PostgreSQL恢复 (6)
- SQL Server (27)
- SQL Server恢复 (8)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (37)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (20)
-
最近发表
- ORA-15411: Failure groups in disk group DATA have different number of disks.
- 断电引起的ORA-08102: 未找到索引关键字, 对象号 39故障处理
- ORA-00227: corrupt block detected in control file
- 手工删除19c rac
- 解决oracle数据文件路径有回车故障
- .wstop扩展名勒索数据库恢复
- Oracle Recovery Tools工具一键解决ORA-00376 ORA-01110故障(文件offline)
- OGG-02771 Input trail file format RELEASE 19.1 is different from previous trail file form at RELEASE 11.2.
- OGG-02246 Source redo compatibility level 19.0.0 requires trail FORMAT 12.2 or higher
- GoldenGate 19安装和打patch
- dd破坏asm磁盘头恢复
- 删除asmlib磁盘导致磁盘组故障恢复
- Kylin Linux 安装19c
- ORA-600 krse_arc_complete.4
- Oracle 19c 202410补丁(RUs+OJVM)
- ntfs MFT损坏(ntfs文件系统故障)导致oracle异常恢复
- .mkp扩展名oracle数据文件加密恢复
- 清空redo,导致ORA-27048: skgfifi: file header information is invalid
- A_H_README_TO_RECOVER勒索恢复
- 通过alert日志分析客户自行对一个数据库恢复的来龙去脉和点评
标签归档:比特币加密
.*4444后缀勒索病毒数据库文件修复
对于感染比较厉害的后缀名为*4444之类的比特币加密病毒(例如:help4444 all4444 china4444 monkey4444 snake4444 Rat4444 Tiger4444 Rabbit4444 Dragon4444 Horse4444 Goat4444 Rooster4444 Dog4444 Alco4444 Pig4444等之类的),我们可以提供基于Oracle/Sql Server数据库层面恢复,不依赖联系黑客解密
HOW_TO_BACK_FILES.txt文件内容
YOUR FILES ARE ENCRYPTED !!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.
DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA!!ONLY WE ARE CAN HELP YOU! CONTACT US:
China.helper@aol.com
China.helper@india.com
ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:
81 D7 3E 94 A3 48 73 B3 36 EB 7F E0 96 78 CC 4E
80 39 FC 5C 1B 34 2B C4 D0 0C 4C 51 DE 35 83 75
85 6B 5D 49 33 BB E4 D6 E5 4B 0B 9A F5 77 65 3D
BF 9A 55 72 3C 46 DB 78 04 15 64 BB C6 9F 74 F4
5F B8 72 90 77 D2 2A 66 E0 2F 82 E3 4C 9B 50 FF
49 0B 22 AB 1A F8 85 33 42 49 3D 36 BF F3 FA 57
1F 66 D1 C7 AE F2 34 C7 3F A7 55 ED 92 82 F4 1B
04 71 E1 3B D6 83 D4 C9 6C 55 EC B8 91 BE A3 06
9F 12 5B 0E 37 D4 FD EC 90 3A 11 CF DB A9 96 35
69 98 61 2B 1B EC 70 C0 35 99 71 00 6D 8B 01 8C
EB C6 B7 F9 59 EE 3A E1 24 74 CF 9A 39 8A F3 A4
C1 BF 92 AE 9B F7 E1 C3 3C 1A 51 0C 3A B5 19 E9
5D 9F BD 30 43 CE D9 A9 B8 52 90 64 AF 7E 80 23
AC 37 18 70 67 DB F2 BB B0 21 54 D2 88 38 6B AB
66 E1 88 CE D0 91 82 22 D8 9F 92 E6 E4 32 A3 AD
E9 32 37 13 32 2F 36 1F A3 67 1F 90 3B 00 46 D3
被加密数据文件类似
如果有这个方面的恢复请求,可以随时联系我们
Phone:17813235971 Q Q:107644445
E-Mail:dba@xifenfei.com预防建议
用户应增强安全意识,完善安全防护体系,保持良好的上网习惯。建议广大用户采取如下措施应对勒索软件攻击:
1. 不要轻易打开来历不明的邮件和邮件附件;
2. 设置高强度远程桌面登录密码并妥善保管;
3. 安装防病毒软件并保持良好的病毒库升级习惯;
4. 对重要的文件还需要做好合理的备份;
5. 对内网安全域进行合理划分,各个安全域之间限制严格的ACL,限制横向移动;
6. 关闭不必要的共享权限以及端口,如:3389、445、135、139。
发表在 勒索恢复
标签为 Alco4444, all4444, china4444, Dog4444, Dragon4444, Goat4444, help4444, Horse4444, monkey4444, Pig4444, Rabbit4444, Rat4444, Rooster4444, snake4444, Tiger4444, YOUR FILES ARE ENCRYPTED, 比特币 oracle恢复, 比特币 sql 恢复, 比特币加密
评论关闭
.CHAK1 比特币加密勒索恢复
最近有朋友遇到oracle数据库被加密后缀名为.CHAK1的比特币勒索
我们通过确认,这次的破坏和上次的(比特币加密勒索间隔加密)比较类似
通过分析,此类损坏结果为:
1)1280 block 间隔加密,
2)每个加密文件前10M数据可能丢失
对于这个客户,我们通过分析,业务数据可以比较完美的恢复
如果您的数据库被比特币加密勒索,需要恢复支持请联系我们
Phone:17813235971 Q Q:107644445
E-Mail:dba@xifenfei.com
发表在 勒索恢复
标签为 .CHAK1, oracle勒索, oracle勒索病毒, YOUR FILES ARE ENCRYPTED, 勒索恢复, 比特币, 比特币 oracle, 比特币加密, 比特币勒索
评论关闭
比特币加密勒索间隔加密
最近我们在一个客户的oracle恢复case中发现比特币文件系统勒索加密比较特殊,和大家做一个分享
文件加密后缀名为:.$ILICONE
文件加密特点分析
DUL> dump datafile 5 block 1 Block Header: block type=0x0b (file header) block format=0xa2 (oracle 10) block rdba=0x01400001 (file#=5, block#=1) scn=0x0000.00000000, seq=1, tail=0x00000b01 block checksum value=0x6e7d=28285, flag=4 File Header: Db Id=0xe1891cca=3783859402, Db Name=XIFENFEI, Root Dba=0x0 Software vsn=0x0, Compatibility Vsn=0xa200300, File Size=0x3ffffe=4194302 Blocks File Type=0x3 (data file), File Number=5, Block Size=8192 Tablespace #7 - OA rel_fn:5 DUL> dump datafile 5 block 2 Block Header: block type=0x63 (unknown) block format=0x57 (unknown) block rdba=0xc6538298 (file#=793, block#=1278616) scn=0xe0ab.fdc4d8d0, seq=225, tail=0xa7b5cab5 block checksum value=0xfaa1=64161, flag=165 corrupted block. DUL> dump datafile 5 block 3 Block Header: block type=0x1e (LMT space map block) block format=0xa2 (oracle 10) block rdba=0x01400003 (file#=5, block#=3) scn=0x0000.00246fbe, seq=1, tail=0x6fbe1e01 block checksum value=0xe495=58517, flag=4 DUL> dump datafile 5 block 4 Block Header: block type=0x83 (unknown) block format=0xa3 (unknown) block rdba=0x17e4c9e4 (file#=95, block#=2410980) scn=0xe3b2.fc505eea, seq=101, tail=0x6e2f1004 block checksum value=0x7f2e=32558, flag=196 corrupted block. DUL> dump datafile 5 block 5 Block Header: block type=0x1e (LMT space map block) block format=0xa2 (oracle 10) block rdba=0x01400005 (file#=5, block#=5) scn=0x0000.00264875, seq=1, tail=0x48751e01 block checksum value=0xb25e=45662, flag=4 DUL> dump datafile 5 block 6 Block Header: block type=0x68 (unknown) block format=0x35 (unknown) block rdba=0x7011e0e3 (file#=448, block#=1171683) scn=0x47bf.9f2df54a, seq=207, tail=0x69ae0a91 block checksum value=0x49f8=18936, flag=174 corrupted block.
通过这里初步分析,确认加密是间隔方式加密,在数据库中表现明显的是每相隔8k进行加密,而且这里是偶数block被加密
确认加密文件结束位置
DUL> dump datafile 5 block 962818 header Block Header: block type=0x4d (unknown) block format=0xde (unknown) block rdba=0x0bab780d (file#=46, block#=2848781) scn=0x056b.2c695f6b, seq=223, tail=0x2399e0cb block checksum value=0x9706=38662, flag=212 corrupted block. DUL> dump datafile 5 block 962820 header Block Header: block type=0x00 (blank block) block format=0xa2 (oracle 10) block rdba=0x014eb104 (file#=5, block#=962820) scn=0x0000.00000000, seq=1, tail=0x00000001 block checksum value=0x174a=5962, flag=5
通过这里可以发现,对于一个32G的文件,一直被加密到block 962818,也就是7.34G(962818*8k),这里间隔加密,而且加密深度特别深,在以往的比特币文件系统加密中比较少见.
再次提醒
1. 不要把数据库暴露在外网
2. 相对linux而言,win更容易受到黑客的攻击
3. 数据库一定要做好备份,条件允许的情况下,配置数据实时同步到其他机器还是有必要的