A_H_README_TO_RECOVER勒索恢复
惜分飞发表于 2024-10-05 02:14:59
联系:手机/微信(+86 17813235971) QQ(107644445)
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
有客户mysql数据库被黑(业务数据库被删除),创建了一个A_H_README_TO_RECOVER库
[root@www.xifenfei.com ~]# mysql -uroot -pxxxxx Warning: Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4539028 Server version: 5.6.50-log Source distribution Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +-----------------------+ | Database | +-----------------------+ | information_schema | | A_H_README_TO_RECOVER | | mysql | | performance_schema | +-----------------------+ 8 rows in set (0.00 sec) mysql> use A_H_README_TO_RECOVER; Database changed mysql> show tables; +---------------------------------+ | Tables_in_A_H_README_TO_RECOVER | +---------------------------------+ | README | +---------------------------------+ 1 row in set (0.00 sec) mysql> desc README; +------------+----------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +------------+----------+------+-----+---------+-------+ | zh_content | longtext | YES | | NULL | | | en_content | longtext | YES | | NULL | | | email | longtext | YES | | NULL | | +------------+----------+------+-----+---------+-------+ 3 rows in set (0.00 sec) mysql> select *from README ; +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------+-------------------------+ | zh_content | en_content | email | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------+-------------------------+ | 请与我们联系进行数据恢复,或者你对我们的项目感兴趣,也可以与我们取得联系。未与我们联系的,数据和组织信息将会公布在国内各大平台中。联系邮件:honey_xiaowu@keemail.me | honey_xiaowu@keemail.me or honey_xiaowu@proton.me | honey_xiaowu@keemail.me | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------+-------------------------+ 1 row in set (0.00 sec) mysql> exit Bye
对于这类情况类似以前处理的case:
read_me_recover_tn勒索恢复
RECOVER_YOUR_DATA勒索恢复
A____Z____RECOVER____DATA勒索恢复
处理方法一般也就是先考虑os层面恢复,如果os层面无法恢复,就从block层面进行恢复,这个客户通过最终分析,恢复出来客户需要的表数据
对于类似这种A_H_README_TO_RECOVER勒索恢复,建议先对系统进行镜像或者快照,然后按照先os层面恢复,在block级别恢复的方法处理,如果无法自行解决,可以联系我们进行技术支持,最大限度抢救和数据,减少损失
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com
另外建议加强系统和mysql安全加固,数据库尽量不要暴露在公网上