Hit by the Satan cryptoy ransomware virus, quite depressing: every file had the suffix .Satan added. Checking the logs, at 3 o'clock in the morning the database was completely destroyed, and even the dump files had their suffix changed to .Satan. Once encrypted, the ransomware dialog prompts for 0.5 bitcoin.
Here is my side of the analysis and recovery.
Our database is dumped daily. From analyzing the encrypted dump files, I found that the virus behaves in some very strange ways:
1. Large files are not encrypted in full. For example, a 10G file may be cut down to a 4G file in which only one section is encrypted, but the remaining 6G of content is gone.
2. The encrypted part does not necessarily come from the file itself. For example, given two files A and B, the encrypted part of A may come from B.
Given the above, technical staff online say that the encrypted files cannot be restored. From my analysis of the situation, even paying the author the bitcoin would not restore them.
I decrypted the dump file and found that the source content of the encrypted part appears to be from other files, so even once decrypted, the database cannot be recovered.
But while tidying up the server I found one dump file that was not encrypted, plus the encrypted full-database dump, now only a 4G file, in which fortunately the part I needed was not encrypted (the new data, fortunately not much). Oh, yeah.
So, you know, I dumped the binary content of the required tables to make a new dump, restored it to a new database, and called it a year.
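
A triage step that fits the situation described above, as an added example that is not part of the original post: it maps which byte ranges of a partially encrypted dump still look like readable data, using per-chunk Shannon entropy, and carves them out to a separate file. The function names, chunk size, 7.5 threshold and the constructed sample file are assumptions; compressed data also reads as high entropy, so treat the result as a starting point for manual inspection.

```python
import math, os, tempfile
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Bits per byte (0..8); encrypted data sits close to 8."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def readable_ranges(path, chunk=1 << 20, threshold=7.5):
    """Return merged (start, end) byte ranges whose entropy is below threshold.
    A very short trailing chunk cannot reach the threshold, so check it by hand."""
    ranges, offset = [], 0
    with open(path, "rb") as f:
        while block := f.read(chunk):
            if shannon_entropy(block) < threshold:
                if ranges and ranges[-1][1] == offset:   # extend previous range
                    ranges[-1] = (ranges[-1][0], offset + len(block))
                else:
                    ranges.append((offset, offset + len(block)))
            offset += len(block)
    return ranges

def carve(path, start, end, out_path, chunk=1 << 20):
    """Copy bytes [start, end) to out_path; the evidence file is only read."""
    with open(path, "rb") as src, open(out_path, "wb") as dst:
        src.seek(start)
        remaining = end - start
        while remaining > 0 and (block := src.read(min(chunk, remaining))):
            dst.write(block)
            remaining -= len(block)
    return os.path.getsize(out_path)

def build_sample(chunk=4096):
    """Constructed sample: 2 plaintext chunks, 1 random chunk standing in for
    the encrypted section, then 3 plaintext chunks."""
    row = b"INSERT INTO orders VALUES (1, 'constructed sample row');\n"
    plain = (row * (chunk // len(row) + 1))[:chunk]
    fd, path = tempfile.mkstemp(suffix=".dmp")
    with os.fdopen(fd, "wb") as f:
        f.write(plain * 2 + os.urandom(chunk) + plain * 3)
    return path

if __name__ == "__main__":
    sample = build_sample()
    for start, end in readable_ranges(sample, chunk=4096):
        print(f"readable: bytes {start}..{end}")
    os.remove(sample)
```

Run it against a copy of the damaged dump, never the only surviving file.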