read_me_recover_tn勒索恢复
惜分飞发表于 2024-05-09 16:42:12
联系:手机/微信(+86 17813235971) QQ(107644445)
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
最近有客户被MySQL删库勒索,现象如下:
1. 删除掉以前的库,并创建一个同名库,并且会创建一个read_me_recover_tn库,类似下图:
2. 在read_me_recover_tn库中有一个readme表,每个被删除然后创建的库里面也有一个readme表
3. 每个readme表内容类似信息类似:
mysql> desc readme
-> ;
+-----------------+------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+------+------+-----+---------+-------+
| id | int | NO | PRI | NULL | |
| Message | text | YES | | NULL | |
| Bitcoin_Address | text | YES | | NULL | |
+-----------------+------+------+-----+---------+-------+
3 rows in set (0.01 sec)
mysql> select * from readme\G;
*************************** 1. row ***************************
id: 1
Message: I have backed up all your databases. To recover them you must
pay 0.008 BTC (Bitcoin) to this address: 15f9vdGBeT1NCMp6z9NxrQEEUxnYqRPvyC .
Backup List: xxxx_db, xxxx_db_test. After your payment email me at
dbrestore3195@onionmail.org with your server IP (xx.xx.xx.xx) and transaction
ID and you will get a download link to your backup. Emails without transaction
ID and server IP will be ignored.
Bitcoin_Address: 15f9vdGBeT1NCMp6z9NxrQEEUxnYqRPvyC
1 row in set (0.00 sec)
这类勒索和我以前介绍相关文章类似:
RECOVER_YOUR_DATA勒索恢复
A____Z____RECOVER____DATA勒索恢复
处理办法也完全相同:
建议先对系统进行镜像或者快照,然后按照先os层面恢复,在block级别恢复的方法处理,如果无法自行解决,可以联系我们进行技术支持,最大限度抢救和数据,减少损失
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com
另外建议加强系统和mysql安全加固,数据库尽量不要暴露在公网上