标签归档:加密数据库恢复

.Globeimposter-Beta666qqz扩展名数据库加密恢复

又接一医院客户请求,多套win系统被勒索病毒加密,其中有几套是oracle数据库,请求我们进行分析,确认是否可以恢复.
HOW TO BACK YOUR FILES.txt文件信息

                   YOUR FILES ARE ENCRYPTED !!!

TO DECRYPT, FOLLOW THE INSTRUCTIONS:

To recover data you need decrypt tool.

To get the decrypt tool you should:

1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 
4.We can decrypt few files in quality the evidence that we have the decoder.


 DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US:

China.Helper@aol.com

                   ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:

Tq rx zo f3 B1 Eg S/ m1 SI Yw KS av ip Js /5 oU
uk FL LY Wa pF P1 Dc ss 8l dU cl pE xe Sa Gw oC
Fq /+ rF dz D3 DU Pz S6 6e uB M5 Wx zD 3C DW EC
nk 1I V1 rf zK R4 36 tq 7o bJ rK Rq 81 ib hf lh
+8 Oz rR 4g VM rz FH ST rJ ve 1S K2 PN FL 7I Gg
yp Wq vv 1j V8 Fz vN 0x y9 l2 Ig Ql fD lK MJ +H
Vw WV 80 FY /s OE oG 9V nC TY Ys Zd nQ is T2 Bw
U4 cK yM km OB Ko 8p Yg g/ DA 5N S+ DX e5 /v 0s
A9 Ae B6 Q1 aO Q9 gN 5/ pg HA LS jD 50 1K p6 Jn
T0 g4 MR Gp 3L l4 GM Fv rD Pq gC pp Tf kz 4k vh
ZG rz SB CD 1f lh M5 UA QI mn ky CG es re GI qc
7s 7h aZ /B sR 6V yn /I xC h7 Xc oR 4G uQ ZC DU
Bs Ij AI 1f 0c w0 Y7 Vd xy FI R2 lz L1 8r dK lF
zS SM CK Mb Rm wo EQ ht ht zj 1m R0 NM 0W 0T lA
9A AP vl dA dB XA Fx cH iR ux C8 Hn uv B9 H0 tk
0J Ph Cn VZ S+ 6b NT BT YZ jC Wf ah Ml N5 q6 FS
uZ Tk 5o 0+ Sq 3c lZ 0a SH LR nW jn 1f A2 rg k6
jx qq eD T1 GT 6w cC 6C TP 3j 6Z KV 6D 1N tS Jo
p/ Sl DB J2 yD Q1 u5 Y7 GS E9 /c kh U6 r8 QP wy
jU Fa +Y Um TZ Mo PY gQ /L pj 5d QD EK A8 g2 qY
8Z 1d Np 3M qm Ri Sf Nc IT cN 2O Uj Ou Gw DZ H3
Wb Lo BV mE wZ 4= 

被加密文件类似
20210403180555


通过底层分析,只是小部分数据被加密破坏
20210403180929

这个客户相对比较幸运,他们有3月19日的备份,通过结合备份,实现比较好的效果数据恢复
如果此类的数据库文件(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971    Q Q:107644445QQ咨询惜分飞    E-Mail:dba@xifenfei.com

发表在 勒索恢复 | 标签为 , , , | 评论关闭

.makop病毒加密数据库恢复

最近接到客户几套oracle数据库所在的机器文件被加密,readme-warning.txt内容如下

::: Greetings :::


Little FAQ:
.1. 
Q: Whats Happen?
A: Your files have been encrypted and now have the "makop" extension. The file structure was not damaged, we did everything possible so that this could not happen.

.2. 
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.

.3. 
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4.
Q: How to contact with you?
A: You can write us to our mailbox: Evilminded@privatemail.com

.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6.
Q: If I don抰 want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.



:::BEWARE:::
DON'T try to change encrypted files by yourself! 
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

通过对数据库文件进行分析,可以恢复
20210327185837


通过恢复工具进行处理,直接open数据库,并导入新库
20210327190400

20210327190633

如果此类的数据库文件(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971    Q Q:107644445QQ咨询惜分飞    E-Mail:dba@xifenfei.com

发表在 勒索恢复 | 标签为 , , , , , | 评论关闭

helpservis@horsefucker.org加密恢复

最近有客户环境中大量服务器被感染类似如下病毒,邮箱为:helpservis@horsefucker.org,每个机器不一样的id,使用该id为文件后缀名
20191222182600
16进制方式打开文件头发现破坏如下
20191222182709


进一步分析发现文件中依旧有大量block没有被破坏
20191222182727

经过分析我们基本上可以较为完美的恢复该病毒加密数据库(sql server,oracle等)
20191222184051

这类的数据库加密,我们可以直接通过解密处理,恢复之后基本立即可用.如果需要可以联系我们从底层进行恢复:Phone:17813235971    Q Q:107644445QQ咨询惜分飞    E-Mail:dba@xifenfei.com

发表在 勒索恢复 | 标签为 , , , | 评论关闭