LockBit病毒oracle数据库恢复

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:LockBit病毒oracle数据库恢复

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

有一客户emr库文件被勒索加密
20211229215328


Restore-My-Files.txt文件内容

LockBit 2.0 Ransomware

Your data are stolen and encrypted
The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
 and https://bigblog.at if you do not pay the ransom
You can contact us and decrypt one file for free on these TOR sites

http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion


http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion

OR

https://decoding.at

Decryption ID: 6AECC4637C3D17FC6197EEE5B6D3BDF5

通过工具检查破坏情况,发现该病毒是间隔加密破坏
20211229215722


该库比较特殊由于核心表含有xml字段(核心数据),一般工具无法正常恢复这种数据,对于这种情况,通过我们开发的勒索小工具进行恢复
20211229220227

然后打开数据库,导出数据
20211228201249
20211228201326