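Contact: mobile/WeChat (+86 17813235971) QQ (107644445)
Author: 惜分飞 © All rights reserved [No reproduction in any form without my consent; otherwise I reserve the right to pursue legal liability.]
Analysis showed that the encryption damaged only a small part of the database, so it can be recovered.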
![20211124163701](https://www.xifenfei.com/wp-content/uploads/2021/11/20211124163701.png)
After technical processing, the table data was recovered normally.
![20211124164656](https://www.xifenfei.com/wp-content/uploads/2021/11/20211124164656.png)
If a database of this kind (Oracle, MySQL, SQL Server, etc.) has been encrypted and you need professional recovery support, please contact us:
Phone/WeChat: 17813235971 QQ: 107644445
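We received a customer request to recover encrypted Oracle data files. The files had been encrypted and given the extension .id[76B8C076-3009].[decrypt20@firemail.cc].eking. Low-level analysis confirmed that the encryption damaged only a small part of the file.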
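Recently several people have asked about various ransomware strains that encrypt Oracle databases. In all of these cases we can repair the files with tools so that the database opens directly, then export the data with exp/expdp. This gives near-perfect data recovery, with the business applications testing normally, and works far better than extracting the data directly with various unload tools. Examples include: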
.id[A6B00388-2930].[Ransomwaree2020@cock.li].eking
An Oracle database was encrypted with the extension: .[77C81F29].[Evilminded@privatemail.com].makop
Another customer's database was encrypted by ransomware, with the extension: .id[32D2A259-3147].[mikolio@cock.li].eking

```
E:\BaiduNetdiskDownload>dir *.eking
 驱动器 E 中的卷是 SSD
 卷的序列号是 98A5-7F8E

 E:\BaiduNetdiskDownload 的目录

2021-05-04  01:55   162,604,986,658 ORACLEBAK20210503.DMP.id[32D2A259-3147].[mikolio@cock.li].eking
               1 个文件 162,604,986,658 字节
               0 个目录 262,026,616,832 可用字节
```
We received a request from a friend to recover an encrypted Oracle database. The encrypted files are:

```
-------=== Your network has been infected! ===-------

*****************DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED*****************

All your documents, photos, databases and other important files have been encrypted and have the extension: .BCdadccBEA
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!

The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!

We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.

You can get more information on our page, which is located in a Tor hidden network.

How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------

Your ID:
--------------------------------------------------------------------------------
MjQ4Ni1VeE5hL2hSVzJVeXU0Wm1CeHhhdDFLUDVGWTlqMnJFekZlczd3NlVFdnBROHYz…………
--------------------------------------------------------------------------------

* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *

YHSKC2aqLa0A1xzn
```
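Low-level analysis of the bad blocks confirmed that only the 127 blocks at the head of the file were damaged.
Because the customer runs 10g, it was not possible to open the database directly and then export the data with expdp/exp. Instead, low-level techniques were used to recover the data directly into a new database, after which the non-table objects (index, view, proc, sequence, etc.) were handled. This recovers as much of the customer's data as possible and minimizes the customer's work in consolidating it.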
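A read-only triage check for the kind of bad-block analysis described above, added here as an example and not the author's tool or method: it walks a copy of a data file block by block and reports which block ranges look encrypted, judged by byte entropy. The 8192-byte block size, the 7.5 bits/byte threshold, the function names and the constructed sample file are all assumptions.

```python
import math
import os
from collections import Counter

BLOCK_SIZE = 8192          # assumption: common Oracle db_block_size; set to the real value
ENTROPY_THRESHOLD = 7.5    # assumption: bits/byte at or above which a block is flagged


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def damaged_block_ranges(path, block_size=BLOCK_SIZE, threshold=ENTROPY_THRESHOLD):
    """Return inclusive (first, last) block-number ranges that look encrypted."""
    ranges, start, blockno = [], None, 0
    with open(path, "rb") as fh:   # read-only: work on a copy, never the evidence file
        while True:
            block = fh.read(block_size)
            if not block:
                break
            if shannon_entropy(block) >= threshold:
                if start is None:
                    start = blockno          # a high-entropy run begins here
            elif start is not None:
                ranges.append((start, blockno - 1))
                start = None
            blockno += 1
    if start is not None:                    # run extends to end of file
        ranges.append((start, blockno - 1))
    return ranges


def build_sample(path, encrypted_blocks=127, total_blocks=200, block_size=BLOCK_SIZE):
    """Constructed sample: random leading blocks, then low-entropy filler blocks."""
    filler = (b"ROW-DATA-" + bytes(23)) * (block_size // 32)
    with open(path, "wb") as fh:
        fh.write(os.urandom(encrypted_blocks * block_size))
        fh.write(filler * (total_blocks - encrypted_blocks))


if __name__ == "__main__":
    import tempfile
    sample = os.path.join(tempfile.mkdtemp(), "sample.dbf")
    build_sample(sample)
    print(damaged_block_ranges(sample))
```

Compressed or encrypted column data inside intact blocks also scores high, so treat the reported ranges as candidates and confirm them with Oracle's own block verification (for example DBVERIFY) before planning recovery.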
Title: Recovering a database encrypted with the .Globeimposter-Beta666qqz extension
We received another request, this time from a hospital: several Windows systems had been encrypted by ransomware, a few of them running Oracle databases, and the customer asked us to analyze them and confirm whether recovery was possible.
Contents of the HOW TO BACK YOUR FILES.txt file:

```
YOUR FILES ARE ENCRYPTED !!!

TO DECRYPT, FOLLOW THE INSTRUCTIONS:

To recover data you need decrypt tool. To get the decrypt tool you should:

1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.

DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US:

China.Helper@aol.com

ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:
[personal ID omitted]
```
Recently a customer reported that the files on the machines hosting several of their Oracle databases had been encrypted. The contents of readme-warning.txt are as follows:

```
::: Greetings :::

Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted and now have the "makop" extension. The file structure was not damaged, we did everything possible so that this could not happen.

.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.

.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4.
Q: How to contact with you?
A: You can write us to our mailbox: Evilminded@privatemail.com

.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.

:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.
```
Title: Recovering a database encrypted by [star-new@email.tg].Devos
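A customer asked about a Windows server whose databases had been encrypted by file-encrypting ransomware. Oracle database files were among those encrypted, and the customer asked us for recovery support. The result of the encryption is as follows: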