[squadhack@email.tg].Devos加密数据库恢复

Posted on 2020 年 06 月 28 日 by 惜分飞

最近有朋友咨询有医院数据库文件被加密为:.id[FC1CFDC9-2700].[squadhack@email.tg].Devos

他们留的info.txt信息为

!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: squadhack@email.tg

分析被加密文件破坏情况

被加密破坏数据不多,但是由于该业务比较特殊,有大量xml类型数据,最好是open数据库,然后导出数据,通过底层对损坏部分进行分析,open数据库成功,最大限度减少损失(对个别损坏表进行单独处理按照rowid/pk进行处理)

我们有大量类似数据文件被加密经验,如果您遇到此类加密情况,需要解决,可以联系我们,提供专业数据库恢复支持
Phone:13429648788 Q Q:107644445 E-Mail:dba@xifenfei.com

.WECANHELP加密数据库恢复

Posted on 2020 年 01 月 17 日 by 惜分飞

联系：手机/微信(+86 13429648788) QQ(107644445)

标题：.WECANHELP加密数据库恢复

接到网络恢复请求,oracle dmp文件被加密,文件名为:2020_01_10_16_00_00.DMP.id_2251820718_.WECANHELP,_RESTORE FILES_.txt文件内容为:

*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***
To decrypt your files you need to buy the special software ?"Nemesis decryptor"
You can find out the details/buy decryptor + key/ask questions by email: 
        wecanhelpyou@elude.in, w3canh3lpy0u@cock.li OR wecanh3lpyou2@cock.li
IMPORTANT!
DON'T TRY TO RESTORE YOU FILES BY YOUR SELF, YOU CAN DAMAGE FILES!
If within 24 hours you did not receive an answer by email, be sure to write to Jabber: icanhelp@xmpp.jp
Your personal ID: 2251820718

通过对加密的dmp进行分析

我们确定,可以通过数据库技术层面对其进行恢复,实现最大限度抢救客户数据