-
加我微信
加我QQ
标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 kfed MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 2663 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (102)
- 数据库 (1,670)
- DB2 (22)
- MySQL (73)
- Oracle (1,532)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (21)
- ORA-xxxxx (159)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (14)
- ORACLE 21C (3)
- Oracle 23ai (7)
- Oracle ASM (65)
- Oracle Bug (8)
- Oracle RAC (52)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (560)
- Oracle安装升级 (91)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (78)
- PostgreSQL (18)
- PostgreSQL恢复 (6)
- SQL Server (27)
- SQL Server恢复 (8)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (37)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (20)
-
最近发表
- ORA-600 krse_arc_complete.4
- Oracle 19c 202410补丁(RUs+OJVM)
- ntfs MFT损坏(ntfs文件系统故障)导致oracle异常恢复
- .mkp扩展名oracle数据文件加密恢复
- 清空redo,导致ORA-27048: skgfifi: file header information is invalid
- A_H_README_TO_RECOVER勒索恢复
- 通过alert日志分析客户自行对一个数据库恢复的来龙去脉和点评
- ORA-12514: TNS: 监听进程不能解析在连接描述符中给出的SERVICE_NAME
- ORA-01092 ORA-00604 ORA-01558故障处理
- ORA-65088: database open should be retried
- Oracle 19c异常恢复—ORA-01209/ORA-65088
- ORA-600 16703故障再现
- 数据库启动报ORA-27102 OSD-00026 O/S-Error: (OS 1455)
- .[metro777@cock.li].Elbie勒索病毒加密数据库恢复
- 应用连接错误,初始化mysql数据库恢复
- RAC默认服务配置优先节点
- Oracle 19c RAC 替换私网操作
- 监听报TNS-12541 TNS-12560 TNS-00511错误
- drop tablespace xxx including contents恢复
- Linux 8 修改网卡名称
标签归档:mysql勒索
read_me_recover_tn勒索恢复
最近有客户被MySQL删库勒索,现象如下:
1. 删除掉以前的库,并创建一个同名库,并且会创建一个read_me_recover_tn库,类似下图:
2. 在read_me_recover_tn库中有一个readme表,每个被删除然后创建的库里面也有一个readme表
3. 每个readme表内容类似信息类似:
mysql> desc readme
-> ;
+-----------------+------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+------+------+-----+---------+-------+
| id | int | NO | PRI | NULL | |
| Message | text | YES | | NULL | |
| Bitcoin_Address | text | YES | | NULL | |
+-----------------+------+------+-----+---------+-------+
3 rows in set (0.01 sec)
mysql> select * from readme\G;
*************************** 1. row ***************************
id: 1
Message: I have backed up all your databases. To recover them you must
pay 0.008 BTC (Bitcoin) to this address: 15f9vdGBeT1NCMp6z9NxrQEEUxnYqRPvyC .
Backup List: xxxx_db, xxxx_db_test. After your payment email me at
dbrestore3195@onionmail.org with your server IP (xx.xx.xx.xx) and transaction
ID and you will get a download link to your backup. Emails without transaction
ID and server IP will be ignored.
Bitcoin_Address: 15f9vdGBeT1NCMp6z9NxrQEEUxnYqRPvyC
1 row in set (0.00 sec)
这类勒索和我以前介绍相关文章类似:
RECOVER_YOUR_DATA勒索恢复
A____Z____RECOVER____DATA勒索恢复
处理办法也完全相同:
建议先对系统进行镜像或者快照,然后按照先os层面恢复,在block级别恢复的方法处理,如果无法自行解决,可以联系我们进行技术支持,最大限度抢救和数据,减少损失
电话/微信:17813235971 Q Q:107644445
E-Mail:dba@xifenfei.com
另外建议加强系统和mysql安全加固,数据库尽量不要暴露在公网上
A____Z____RECOVER____DATA勒索恢复
有客户MySQL数据库被黑,业务库中表被删除,并创建A____Z____RECOVER____DATA库,里面有一张readme表,内容为:
mysql> select * from readme \G;
*************************** 1. row ***************************
zh_content: 请尽快与我们取得联系,否则我们将会公布你的数据库信息在网络中,联系邮件:datacenterback@keemail.me
en_content: 请尽快与我们取得联系,否则我们将会公布你的数据库信息在网络中,联系邮件:datacenterback@keemail.me
email: datacenterback@keemail.me
1 row in set (0.00 sec)
对于这种情况,本质就是mysql drop 库或者drop表级别的恢复,通过反删除软件恢复,可惜恢复效果很差(底层发生了大量的覆盖)
对于这种情况,只能采用底层block级别恢复,通过底层扫描分析
并解析扫描结果恢复需要数据
对于类似这种A____Z____RECOVER____DATA勒索恢复,建议先对系统进行镜像或者快照,然后按照先os层面恢复,在block级别恢复的方法处理,如果无法自行解决,可以联系我们进行技术支持,最大限度抢救和数据,减少损失
电话/微信:17813235971 Q Q:107644445
E-Mail:dba@xifenfei.com另外建议加强系统和mysql安全加固,数据库尽量不要暴露在公网上
MySQL勒索恢复
最近遇到几个mysql数据库被黑客删除库,并且留下比特币勒索信息在每个库的WARNING表中
mysql> desc WARNING
-> ;
+-----------------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+----------+------+-----+---------+-------+
| id | int(11) | YES | | NULL | |
| warning | longtext | YES | | NULL | |
| Bitcoin_Address | longtext | YES | | NULL | |
| Email | longtext | YES | | NULL | |
+-----------------+----------+------+-----+---------+-------+
4 rows in set (0.00 sec)
mysql> select * from WARNING;
+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+
| id | warning | Bitcoin_Address | Email |
+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+
| 1 | To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address 1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxxx,xxxxxx,xxxxxxxx,xxxxxxx . If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise. | 1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD | contact@sqldb.to |
+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+
1 row in set (0.00 sec)
大概的意思就是:我们已经把你的数据库备份,您交给我们0.06个比特币,我们把数据给你,如果10天之内我们没有收到款,即将把数据库给公开或者作为其他用途.根据我们以往接触的朋友经验,付款之后数据库也不会给你(很可能黑客根本就没有备份数据库,只是删除了数据库然后勒索比特币.
对于这类情况,通过分析,确认黑客是删除了数据库,在没有覆盖的情况下,我们可以对其数据进行恢复,处理类似:MySQL drop database恢复(恢复方法同样适用MySQL drop table,delete,truncate table)最大限度缓解因为数据库被破坏带来的损失.
如果您也遭遇到该问题,请保护现场,不要导入备份数据库,不要对数据所在分区进行写操作(现场保护的越好,数据恢复效果越好),对相关磁盘进行镜像,防止二次破坏.我们可以提供专业的mysql恢复服务,为您减少损失.