Recovering a database encrypted with the .makop extension

Contact: phone/WeChat (+86 17813235971), QQ 107644445 (QQ consultation with 惜分飞)

Author: 惜分飞 © All rights reserved [Reproduction in any form without the author's consent is prohibited; the author reserves the right to pursue legal action.]

We received a request to recover a SQL Server database that had been encrypted by ransomware.

Analysis showed that the encryption had damaged only a small part of the database, so it could be recovered.

After technical processing, the table data was recovered normally.

If a database of this kind (Oracle, MySQL, SQL Server) has been encrypted and you need professional recovery support, contact us:
Phone/WeChat: 17813235971    QQ: 107644445    E-Mail: dba@xifenfei.com

Recovering a database encrypted with the .eking extension

We received a request from a customer whose Oracle data files had been encrypted and renamed with the extension .id[76B8C076-3009].[decrypt20@firemail.cc].eking. Low-level analysis confirmed that the encryption had damaged only a small part of each file.

The data files were repaired with our in-house tool.

The database was opened normally and the data was exported with exp.

Several recent ransomware families whose encrypted databases can be recovered almost perfectly

Recently several people have asked about Oracle databases encrypted by a few ransomware families. For all of them we can repair the files with our tool so that the database opens directly and the data can be exported with exp/expdp, giving near-complete recovery; the business applications test normally straight away, which is far better than what the various tools that extract data directly from the files achieve. Examples include the following:
.id[A6B00388-2930].[Ransomwaree2020@cock.li].eking

.id[BCD26C0D-3009].[decrypt20@firemail.cc].eking

.hospitalhelper.17E-D66-320

For viruses like these, our tool repairs the files so that the database can be opened directly.
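The extension patterns listed above, together with the ransom-note file names that appear in the other posts on this page (read.txt, HOW TO BACK YOUR FILES.txt, readme-warning.txt), are enough to triage a file listing from a hit server before any recovery work starts: which families are present, which mailbox and victim id each one embeds in the file name, and which of the encrypted originals are database files that should go to database-level recovery. The Python below is an added example written for this page, not the author's tool. The sample listing is constructed from names shown in these posts (the directories are made up), and two things are assumptions: that a Devos name may carry an id[...] prefix in front of the mailbox, and the list of extensions treated as database files.

```python
"""Added example (not the author's tool): triage a file listing from a ransomware-hit host
using the file-name markers and ransom-note names shown in the posts on this page."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Name patterns exactly as they appear on this page; the label is the page's own family name.
# 'vid' is the victim id the notes ask for, 'contact' the attacker mailbox embedded in the name.
MARKERS = [
    ('eking', re.compile(r'\.id\[(?P<vid>[0-9A-F]{8}-\d{4})\]\.\[(?P<contact>[^\]]+)\]\.eking$', re.I)),
    ('makop', re.compile(r'\.\[(?P<vid>[0-9A-F]{8})\]\.\[(?P<contact>[^\]]+)\]\.makop$', re.I)),
    # The page shows only "[star-new@email.tg].Devos"; the optional id[...] prefix is an assumption.
    ('Devos', re.compile(r'(?:\.id\[(?P<vid>[^\]]+)\])?\.\[(?P<contact>[^\]]+@[^\]]+)\]\.Devos$')),
    ('hospitalhelper', re.compile(r'\.hospitalhelper\.(?P<vid>[0-9A-Z]+-[0-9A-Z]+-[0-9A-Z]+)$')),
    ('Globeimposter', re.compile(r'\.Globeimposter-Beta666qqz$')),
]
# Avaddon's extension is per victim (.BCdadccBEA in the post), so it is recognised by its note.
RANSOM_NOTES = {'read.txt': 'Avaddon', 'how to back your files.txt': 'Globeimposter',
                'readme-warning.txt': 'makop'}
# Original extensions worth routing to database-level recovery (assumed list).
DB_EXTENSIONS = {'.dbf', '.ora', '.ctl', '.dmp', '.mdf', '.ndf', '.ldf', '.bak', '.ibd', '.frm'}


def classify_name(name: str) -> Optional[Dict[str, Optional[str]]]:
    """Family, original file name, victim id and contact for an encrypted name, else None."""
    for family, rx in MARKERS:
        m = rx.search(name)
        if m:
            g = m.groupdict()
            return {'family': family, 'original': name[:m.start()],
                    'victim_id': g.get('vid'), 'contact': g.get('contact')}
    return None


def triage(paths: Iterable[str]) -> dict:
    """Group a path listing by family, collect contacts and ids, and flag database originals."""
    families = defaultdict(lambda: {'files': 0, 'db_files': [], 'contacts': set(), 'victim_ids': set()})
    notes: List[tuple] = []
    untouched: List[str] = []
    for path in paths:
        name = re.split(r'[\\/]', path.strip())[-1]
        if name.lower() in RANSOM_NOTES:
            notes.append((RANSOM_NOTES[name.lower()], path))
            continue
        hit = classify_name(name)
        if hit is None:
            untouched.append(path)
            continue
        fam = families[hit['family']]
        fam['files'] += 1
        if hit['contact']:
            fam['contacts'].add(hit['contact'])
        if hit['victim_id']:
            fam['victim_ids'].add(hit['victim_id'])
        original = hit['original']
        if '.' in original and '.' + original.rsplit('.', 1)[1].lower() in DB_EXTENSIONS:
            fam['db_files'].append(original)
    return {'families': dict(families), 'notes': notes, 'untouched': untouched}


# Constructed listing: the encrypted names and note names come from this page, the directories do not.
SAMPLE_LISTING = [
    r'E:\BaiduNetdiskDownload\ORACLEBAK20210503.DMP.id[32D2A259-3147].[mikolio@cock.li].eking',
    r'D:\oradata\ORCL\SYSTEM01.DBF.id[76B8C076-3009].[decrypt20@firemail.cc].eking',
    r'D:\oradata\ORCL\USERS01.DBF.[77C81F29].[Evilminded@privatemail.com].makop',
    r'D:\oradata\ORCL\readme-warning.txt',
    r'D:\oradata\HIS\SYSAUX01.DBF.Globeimposter-Beta666qqz',
    r'D:\oradata\HIS\HOW TO BACK YOUR FILES.txt',
    r'C:\share\report.xlsx.hospitalhelper.17E-D66-320',
    r'C:\share\undotbs01.dbf.[star-new@email.tg].Devos',
    r'C:\Windows\System32\notepad.exe',
]

if __name__ == '__main__':
    report = triage(SAMPLE_LISTING)
    for family, info in report['families'].items():
        print(f"{family}: {info['files']} file(s), db files {info['db_files']}, "
              f"contacts {sorted(info['contacts'])}, ids {sorted(info['victim_ids'])}")
    print('ransom notes:', report['notes'])
    print('untouched:', len(report['untouched']))
```

Feed it the output of `dir /s /b` or `find` from the affected volumes. Two different mailboxes under the same family (as with the two .eking cases on this page) mean two separate victim ids and possibly two separate affiliates, which matters if the customer is weighing negotiation; and a family whose extension is random per victim will only show up through its note, so keep the note list current.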

Recovering a database encrypted with the .makop extension

An Oracle database was encrypted with the extension .[77C81F29].[Evilminded@privatemail.com].makop.

Inspection showed how the data files had been damaged.

Given that, the files were repaired quickly with our tool, the database was opened normally, and the data was imported into a new database.

The customer tested the business application and everything was normal; essentially no data was lost (only the data still in the redo logs).

Recovering an Oracle dmp file encrypted with the .eking extension

Another customer's database backup was encrypted by ransomware, with the extension .id[32D2A259-3147].[mikolio@cock.li].eking:

E:\BaiduNetdiskDownload>dir *.eking
 Volume in drive E is SSD
 Volume Serial Number is 98A5-7F8E

 Directory of E:\BaiduNetdiskDownload

2021-05-04  01:55   162,604,986,658 ORACLEBAK20210503.DMP.id[32D2A259-3147].[mikolio@cock.li].eking
               1 File(s) 162,604,986,658 bytes
               0 Dir(s)  262,026,616,832 bytes free

Analysis confirmed that only a small part of the dmp data had been damaged.

Using our recovery tool for expdp dmp files damaged by encryption, the vast majority of the data was recovered intact.

Recovering a database hit by Avaddon ransomware

A friend asked for help recovering an Oracle database that had been encrypted. The encrypted files:

Contents of the read.txt file:

-------===    Your network has been infected!    ===-------

*****************DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED*****************

All your documents, photos, databases and other important 
files have been encrypted and have the extension: .BCdadccBEA

You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!

The only way to restore your files is to buy our special software. 
Only we can give you this software and only we can restore your files!

We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach 
on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.

You can get more information on our page, which is located in a Tor hidden network.

How to get to our page
--------------------------------------------------------------------------------
|
|  1. Download Tor browser - https://www.torproject.org/
|
|  2. Install Tor browser
|
|  3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
|  4. Follow the instructions on this page
|
--------------------------------------------------------------------------------

Your ID:
--------------------------------------------------------------------------------
MjQ4Ni1VeE5hL2hSVzJVeXU0Wm1CeHhhdDFLUDVGWTlqMnJFekZlczd3NlVFdnBROHYz…………
--------------------------------------------------------------------------------

* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *

YHSKC2aqLa0A1xzn

Low-level analysis of the damaged blocks confirmed that only the first 127 blocks at the head of each file had been destroyed.

Because the customer was running 10g, it was not possible to open the database directly and then export with expdp/exp. Instead, low-level techniques were used to recover the data straight into a new database, after which the non-table objects (indexes, views, procedures, sequences, etc.) were dealt with, recovering as much of the customer's data as possible and minimising the work they had to do to consolidate it.

Recovering a database encrypted with the .Globeimposter-Beta666qqz extension

Another hospital customer asked for help: several Windows systems had been encrypted by ransomware, a few of them hosting Oracle databases, and they wanted us to analyse whether recovery was possible.
Contents of the HOW TO BACK YOUR FILES.txt file:

                   YOUR FILES ARE ENCRYPTED !!!

TO DECRYPT, FOLLOW THE INSTRUCTIONS:

To recover data you need decrypt tool.

To get the decrypt tool you should:

1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 
4.We can decrypt few files in quality the evidence that we have the decoder.


 DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US:

China.Helper@aol.com

                   ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:

Tq rx zo f3 B1 Eg S/ m1 SI Yw KS av ip Js /5 oU
uk FL LY Wa pF P1 Dc ss 8l dU cl pE xe Sa Gw oC
Fq /+ rF dz D3 DU Pz S6 6e uB M5 Wx zD 3C DW EC
nk 1I V1 rf zK R4 36 tq 7o bJ rK Rq 81 ib hf lh
+8 Oz rR 4g VM rz FH ST rJ ve 1S K2 PN FL 7I Gg
yp Wq vv 1j V8 Fz vN 0x y9 l2 Ig Ql fD lK MJ +H
Vw WV 80 FY /s OE oG 9V nC TY Ys Zd nQ is T2 Bw
U4 cK yM km OB Ko 8p Yg g/ DA 5N S+ DX e5 /v 0s
A9 Ae B6 Q1 aO Q9 gN 5/ pg HA LS jD 50 1K p6 Jn
T0 g4 MR Gp 3L l4 GM Fv rD Pq gC pp Tf kz 4k vh
ZG rz SB CD 1f lh M5 UA QI mn ky CG es re GI qc
7s 7h aZ /B sR 6V yn /I xC h7 Xc oR 4G uQ ZC DU
Bs Ij AI 1f 0c w0 Y7 Vd xy FI R2 lz L1 8r dK lF
zS SM CK Mb Rm wo EQ ht ht zj 1m R0 NM 0W 0T lA
9A AP vl dA dB XA Fx cH iR ux C8 Hn uv B9 H0 tk
0J Ph Cn VZ S+ 6b NT BT YZ jC Wf ah Ml N5 q6 FS
uZ Tk 5o 0+ Sq 3c lZ 0a SH LR nW jn 1f A2 rg k6
jx qq eD T1 GT 6w cC 6C TP 3j 6Z KV 6D 1N tS Jo
p/ Sl DB J2 yD Q1 u5 Y7 GS E9 /c kh U6 r8 QP wy
jU Fa +Y Um TZ Mo PY gQ /L pj 5d QD EK A8 g2 qY
8Z 1d Np 3M qm Ri Sf Nc IT cN 2O Uj Ou Gw DZ H3
Wb Lo BV mE wZ 4= 

The encrypted files looked like this:

Low-level analysis showed that only a small part of the data had been damaged by the encryption.

This customer was relatively lucky: they had a backup from 19 March, and by combining it with the repaired files a fairly good recovery was achieved.

Recovering a database encrypted by the .makop virus

Recently a customer's machines hosting several Oracle databases had their files encrypted. The readme-warning.txt reads as follows:

::: Greetings :::


Little FAQ:
.1. 
Q: Whats Happen?
A: Your files have been encrypted and now have the "makop" extension. The file structure was not damaged, we did everything possible so that this could not happen.

.2. 
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.

.3. 
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4.
Q: How to contact with you?
A: You can write us to our mailbox: Evilminded@privatemail.com

.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.



:::BEWARE:::
DON'T try to change encrypted files by yourself! 
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

Analysis of the database files showed that they could be recovered.

The files were processed with the recovery tool, the database was opened directly, and the data was imported into a new database.

Recovering a database with the .eking extension

Another friend's database files were encrypted.

Low-level analysis showed that the damage was limited.

The files were processed with our in-house recovery tool for Oracle database files encrypted by bitcoin ransomware.

The database opened successfully and the data was exported with expdp.

Recovering a database encrypted with the [star-new@email.tg].Devos extension

A customer reported that the databases on a Windows server had been encrypted by a file-encrypting virus, including the Oracle data files, and asked for recovery support. The result of the encryption:

The ransom contact shown:
star-new@email.tg

Analysis with our specialised tool confirmed that 192 blocks in each file had been destroyed (split across several segments); the data as a whole was still present.
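The two figures quoted in these posts, the first 127 blocks destroyed in the Avaddon case and 192 blocks in several segments here, are what a block-level damage survey produces, and it is worth running one before any repair or export attempt: it tells you whether the rows are still there and how many segments a repair has to reconstruct. The Python below is an added example for this page, not the author's tool. It assumes 8 KB blocks and the usual Oracle cache-block header layout (RDBA at bytes 4..7 whose low 22 bits are the block number, SCN base at bytes 8..11, sequence at byte 14, and a 4-byte tail that repeats the low SCN bits, block type and sequence), treats block 0 as a header-less OS block, and falls back to byte entropy alone for files without such headers, which is how it would be applied to the partially encrypted 162 GB dmp from the earlier post. The file it scans is constructed inside the script, not a real data file.

```python
"""Added example (not the author's tool): find which blocks of an Oracle data file
a ransomware encryptor overwrote, before any repair or export attempt."""
import math
import random
import struct
from collections import Counter
from typing import Iterable, Iterator, List, Tuple

BLOCK_SIZE = 8192          # assumed DB_BLOCK_SIZE; read it from the file header on a real file
CIPHERTEXT_ENTROPY = 7.5   # bits per byte; ciphertext is ~7.97, row data far lower
OS_HEADER_BLOCK = 0        # block 0 carries no cache-block header (assumption)


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def header_consistent(block: bytes, block_no: int) -> bool:
    """Assumed kcbh layout, little-endian: bytes 4..7 RDBA = (file# << 22) | block#,
    bytes 8..11 SCN base, byte 14 sequence, and a 4-byte tail
    (scn_base & 0xFFFF) << 16 | type << 8 | seq that must agree with byte 0 and byte 14.
    Random bytes fail both tests with probability ~1."""
    btype, seq = block[0], block[14]
    rdba, scn_base = struct.unpack_from('<II', block, 4)
    tail = struct.unpack_from('<I', block, len(block) - 4)[0]
    return (rdba & 0x3FFFFF) == block_no and tail == (((scn_base & 0xFFFF) << 16) | (btype << 8) | seq)


def classify_block(block: bytes, block_no: int, oracle_blocks: bool = True) -> str:
    """'unused' (never formatted, all zero), 'intact', 'encrypted' (header gone, random bytes)
    or 'corrupt' (header gone but not random). With oracle_blocks=False only entropy is used."""
    if not any(block):
        return 'unused'
    random_looking = shannon_entropy(block) >= CIPHERTEXT_ENTROPY
    if not oracle_blocks or block_no == OS_HEADER_BLOCK:
        return 'encrypted' if random_looking else 'intact'
    if header_consistent(block, block_no):
        return 'intact'
    return 'encrypted' if random_looking else 'corrupt'


def iter_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> Iterator[bytes]:
    for off in range(0, len(data) - len(data) % block_size, block_size):
        yield data[off:off + block_size]


def iter_file_blocks(path: str, block_size: int = BLOCK_SIZE) -> Iterator[bytes]:
    """Stream a file block by block, so a 160 GB dump never has to fit in memory."""
    with open(path, 'rb') as fh:
        while True:
            block = fh.read(block_size)
            if len(block) < block_size:
                return
            yield block


def scan_runs(blocks: Iterable[bytes], oracle_blocks: bool = True) -> List[Tuple[int, int, str]]:
    """Classify every block and collapse the result into (first, last, state) runs."""
    runs: List[Tuple[int, int, str]] = []
    for block_no, block in enumerate(blocks):
        state = classify_block(block, block_no, oracle_blocks)
        if runs and runs[-1][2] == state:
            runs[-1] = (runs[-1][0], block_no, state)
        else:
            runs.append((block_no, block_no, state))
    return runs


def damage_summary(runs: List[Tuple[int, int, str]]):
    """Blocks per state, and how many separate encrypted segments a repair has to cover."""
    counts: Counter = Counter()
    for first, last, state in runs:
        counts[state] += last - first + 1
    return dict(counts), sum(1 for run in runs if run[2] == 'encrypted')


def build_sample_file(total: int, formatted: int, encrypted, file_no: int = 4) -> bytes:
    """Constructed stand-in for a data file (not real Oracle output): block 0 holds low-entropy
    filler, blocks 1..formatted-1 get consistent headers, tails and row-like text, the rest
    stay unformatted zeros; then each [start, end) range is overwritten with deterministic
    pseudo-random bytes, the footprint a header-only encryptor leaves behind."""
    rng = random.Random(2021)
    blocks = [bytearray(BLOCK_SIZE) for _ in range(total)]
    blocks[0][:16] = b'OS header filler'
    for n in range(1, formatted):
        btype, seq, scn = 0x06, 1, 0x100000 + n
        blk = blocks[n]
        blk[0], blk[14] = btype, seq
        struct.pack_into('<II', blk, 4, (file_no << 22) | n, scn)
        filler = f'row {n} of file {file_no};'.encode()
        blk[20:7020] = (filler * (7000 // len(filler) + 1))[:7000]
        struct.pack_into('<I', blk, BLOCK_SIZE - 4, ((scn & 0xFFFF) << 16) | (btype << 8) | seq)
    for start, end in encrypted:
        for n in range(start, end):
            blocks[n][:] = rng.getrandbits(8 * BLOCK_SIZE).to_bytes(BLOCK_SIZE, 'little')
    return b''.join(blocks)


if __name__ == '__main__':
    # Header-only damage like the Avaddon case (first 127 blocks) and multi-segment damage
    # like the Devos case (192 blocks in three pieces); the block counts are the posts' own.
    cases = {'avaddon-like': [(0, 127)], 'devos-like': [(0, 64), (100, 164), (200, 264)]}
    for name, ranges in cases.items():
        runs = scan_runs(iter_blocks(build_sample_file(300, 280, ranges)))
        counts, segments = damage_summary(runs)
        print(f'{name}: {counts}, encrypted segments: {segments}')
        for first, last, state in runs:
            print(f'  blocks {first}-{last}: {state}')
```

On a real file run `scan_runs(iter_file_blocks(path))`, or `oracle_blocks=False` for a dump, and take the block size from the file header rather than the constant. Entropy alone cannot tell ciphertext from compressed or TDE-encrypted content, so for a compressed dump or an encrypted tablespace only the header test says anything. The useful output is the run list: intact headers from the first undamaged block onward are the evidence that "the data as a whole is still present", while every encrypted run is data that no repair can bring back, and the rows that lived there are lost whatever tool is used.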

The data files were repaired with our in-house tool.

The database was then opened successfully using technical means, and the tables containing XML columns were confirmed to be intact.

The data was imported into a new database, completing the recovery with the maximum amount of data restored and in a form the customer could use directly. For databases (SQL Server, MySQL, Oracle) encrypted by ransomware of this kind, we provide database-level recovery services.
导入数据到新库,完成本次数据库恢复工作,实现数据最大程度恢复,而且客户那边直接可以使用,有此类勒索病毒加密的数据库(sql,mysql,oracle)我们可以提供数据库级别恢复服务