rm mysql datadir recovery

Received a friend’s request to delete the datadir directory of the mysql database. The database is currently running, but many operations can no longer be performed normally.
The database can log in, but no business database can be seen, you can query it in conjunction with the table name

[root@hy-db-xff-s-110 mysql3306]# mysql -uroot -ptSQghoV^J1GE^U8*wPElImv5
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 443214
Server version: 5.7.21-log MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

mysql> select count(1) from xifenfei.orders;
+----------+
| count(1) |
+----------+
| 16451326 |
+----------+
1 row in set (4.17 sec)

Data cannot be exported (into outfile does not work due to the default of the secure-file-priv parameter)

mysql> select * from xifenfei.orders into outfile '/bakcup/orders_new.sql' 
   FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n';
ERROR 1290 (HY000): The MySQL server is running with the --secure-file-priv option so it cannot execute this statement

[root@hy-db-cps-s-110 fd]# mysqldump  -uroot -pwww.xifenfei.com xifenfei orders >/linshi/1.sql
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysqldump: Got error: 1049: Unknown database 'xifenfei' when selecting the database

Because mysql has no crash, the related files already exist (not really deleted)
rm_mysql_ibd


Use this method to restore the relevant data files to the new server, and then try to start the database. It is found that the database cannot be started normally. Some files are lost. Finally, the individual ibds are processed separately.[MySQL Recovery]mysql ibd file recoveryTo achieve the recovery of most data, for some data that cannot be recovered by this method, if the disk level is not covered, you can first recover according to the os level method, refer to:extundeleteRecover Linux deleted files,If this method also fails to recover normally, you can try database disk fragmentation level recovery: MySQL drop database recovery (recovery method also applies to MySQL drop table, delete, truncate table)

.[hardlog@protonmail.com].harma encrypted database recovery

Some friends continue to find us. Their old encrypted library needs to be restored, and the extension is similar.id-02A15898.[Hardlog@protonmail.com].harma
 20200214155103


Through analysis, it was found that the virus directly emptied part of the block.I did not want some previous viruses to encrypt the block, but luck was good, and there was still a lot of data that was not destroyed.
 20200214155240
 20200214155304


Over 99% recovery of data through a series of underlying processing
 20200214155659


If you encounter a database that is similar to an encryption virus and encrypted (oracle, mysql, sql server), you can contact us to achieve a better recovery effect without paying the hacker (Unsuccessful recovery without charge)
E-Mail:chf.dba@gmail.comProvide professional decryption recovery services.

Oracle Extreme Recovery Support

All Oracle database recovery work that can be done by similar dul tools (including original and third-party tools), we can provide recovery support through the service, and it is charged after the data is successfully restored, and it is not charged if the recovery is not successful

  • Bypass Oracle’s database engine, extracting data directly at the block level.
  • Supports ASM can unload data directly from ASM disks even all the diskgroups are dismounted.
  • Supports extract files of any type directly from ASM disks even all the diskgroups are dismounted, including datafile, redo log, archive log, etc.
  • In severe ASM disk corruption cases (for example, file directory is totally corrupted), can scan ASM disks, extract all the datafiles which are not overwritten, and then recover all the data.
  • Supports Oracle RDBMS versions 7, 8i, 9i, 10g, 11g, 12c, 18c, 19c
  • Supports multiple database platforms, including AIX, LINUX, HPUX, SOLARIS, WINDOWS and so on. Supports cross-platform unloading, for example unloading AIX based datafiles on a Windows host.
  • Supported data types: NUMBER, CHAR, VARCHAR2, NCHAR, NVARHCAR2, LONG, DATE, RAW, LONG RAW, BLOB, CLOB, TIMESTAMP (9i +), BINARY FLOAT, BINARY DOUBLE (10g +), XMLTYPE
  • Fully support LOB:
    • Supports CLOB, NCLOB and BLOB
    • Supports CLOB big endian and little endian byte order
    • Supports partitioned and subpartioned LOBs
    • Supports different chunk sizes of different LOB columns in the same table
    • CLOB data can be exported to the same file with other columns, or stored in a separate file
    • LOBs are still be able to export even the SYSTEM tablespace is not available
    • LOBs are still be able to export even the associated lob index is corrupted
    • Supports recover SecureFile LOB in Oracle 11g and above versions (currently does not support compression, deduplication and encryption SecureFile LOB)
  • Supports various types of tables, including ordinary HEAP table, IOT table, CLUSTER table.
  • Supports IOT, supported IOT types are:
    • Ordinary IOT
    • Compressed IOT
    • IOT with overflow segments
    • Partitioned and subpartitioned IOT
    • IOT’s are only supported when SYSTEM is available
  • Supports compressed table.
  • Supports data recovery after truncate table.
  • Supports data recovery after drop table.
  • Automatic acquisition of data dictionary information if SYSTEM tablespace is not totally corrupted.
  • Supports data recovery in the absence of SYSTEM tablespace and data dictionary corruption. If data dictionary is not available, can automatically determine the data type of a data column.
  • Supports BigFile tablespace in Oracle 10g and above.
  • Fully support for 64-bit systems, supports more than 4G size of the datafiles.
  • Supports bad file copy even the operating system command (for example, cp) can not copy successfully.
  • Supports different block size of datafiles in the same database.
  • Supports conversion between various character sets, can convert CLOB, NCLOB, NVARCHAR2 column type of data to the specified character set correctly.
  • Auto detection of tablespace number, file number and block size of datafiles.
  • Exported data formats include plain text, exp dmp and expdp dmp files. When exporting in plain text, you can automatically generate SQL statements for building tables and control files required for SQL * Loader import
  • Simulated dump block function of the Oracle, can dump data blocks from datafiles.
  • Supports DESC command to a table to display the column definition.
  • Supports list all table partitions and subpartions.
  • Supports recover accidentally deleted data, even if the table where the data is deleted has LOB columns, even if all the deleted rows’ offsets in corresponding row directory are completely cleared by Oracle.
  • Supports table creation statements, stored procedures, views, functions, packages, indexes, constraints, and other non-data recovery

savemydata@qq.com encrypted database recovery

Recently encountered customer Oracle file is encrypted with suffix name:.id-BE19A09A.[savemydata@qq.com].harma
1


The corresponding txt file is:
2


Through analysis, it is determined that the encryption is to segment the data file to process the encryption destruction. Through the analysis of the oracle dictionary storage information and the corresponding data storage relationship, open the database and skip the segmented encrypted part to achieve a more complete database recovery.
3


For the sql server database, if it is unfortunately encrypted by this type of virus, it can also achieve a more perfect recovery at the database level, reduce losses as much as possible, and do not help the hacker’s rampant behavior (that is, do not give them Bitcoin)

.YOUR_LAST_CHANCE encrypted database recovery

Recently, a friend reported that the sql server database is encrypted in the format: .id_multi-digit_.YOUR_LAST_CHANCE, let us analyze and determine whether it can be restored.
YOUR_LAST_CHANCE


A similar txt file is:
YOUR_LAST_CHANCE-2


Through analysis, this type of encryption ransomware is determined, and we can achieve a good recovery from the database level, which can basically be used directly after recovery.
sql-recover


If your database server (Oracle or sql server) is accidentally ransomized by this virus, you can contact us to recover directly from the database
E-Mail:chf.dba@gmail.com

*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***

During a period of recent vacation, I received a lot of win file system encrypted database recovery, mainly focused on virus recovery similar to the following. Through analysis, we can determine that the Oracle and Sql Server databases of this type of encrypted virus can achieve more perfect recovery
1. There is a file under the directory of each file !!! DECRYPT MY FILES !!!. Txt file, the content is:
1


2. Encrypted file name: add the following.id-3109967046_ [Icanhelp@cock.li].firex3m after the original file name
oracle1
sql1


By analyzing the encrypted oracle and sql databases, we can basically achieve perfect recovery (the application of the recovery result can be run directly)
sql-recover
oracle-recovery


SQL Server Database Bitcoin Encryption Ransomware Recovery

For the Oracle database encrypted by GANDCRAB virus, we can provide a more perfect recovery. “GANDCRAB V5.0.4 Bitcoin encryption oracle database recovery”> GANDCRAB V5.0.4 Bitcoin encryption oracle database recovery and GANDCRAB Upgraded Oracle Recovery , we have done some research on the SQL Server database encrypted by GANDCRAB recently, and now it can be better recovered.
gandcrab5.2-sql-server


 1


And if the cost of finding a hacker to decrypt is $ 10w, the customer cannot accept the cost.The main thing in the system is that the sql server database is encrypted. The customer has a backup of several months ago, but the data is severely lost and cannot bear the relevant losses. Recovery support. After a series of recovery, we can achieve a more perfect recovery of the database
gandcrab5.2-sql-server1


gandcrab5.2-sql-server2


If your sql server database is unfortunately encrypted by Bitcoin, you can contact us at any time to provide database level recovery support
E-Mail:chf.dba@gmail.com

.ALCO Bitcoin Crypto Ransom Recovery

A friend recently consulted another win platform which was encrypted by bitcoin ransomware with the suffix name: .ALCO + oracle database recovery request.
. ALCO +


The analysis revealed that the virus is more disgusting than ever, and the head and tail of the file are encrypted in a spaced manner
 oracle-1-alco +
 oracle-3-alco +
 oracle-2-alco +


The analysis results prove that ALCO + separately encrypts the 318 blocks at the beginning and end of the Oracle file.
Through our analysis, for this type of failure, we can also have better recovery results.
 oracle-4-alco +


.CHAK1 Bitcoin Crypto Ransomware Recovery

Recently, a friend encountered an oracle database whose bitcoin suffix is ​​.CHAK1.
 oracle-chak1


We have confirmed that this destruction and the last ( Bitcoin encryption ransom interval encryption ) is similar
 oracle-chak1
 oracle-chak2
< hr>
Through analysis, such damage results are:
1) 1280 block interval encryption,
2) The first 10M data of each encrypted file may be lost
For this customer, through analysis, business data can be recovered perfectly.
 data


If your database is ransomized by Bitcoin crypto and needs recovery support please contact us
E-Mail:chf.dba@gmail.com

.wncry Bitcoin Ransomware Recovery

I have also paid attention to various bitcoin ransomware before. For the oracle database, I mainly focus on pl/sql dev and File Encryption Ransomware, no matter which kind of extortion has not happened The scope of the impact is only wide and has a great impact. Even the public security network of the dynasty was severely infected, and many departments were unable to operate normally.
After infection
 btb
 wncry


Here you can find that the Bitcoin encryption this time is selective encryption, not all files are encrypted, but judged based on the file suffix name, and then encrypted for blackmail.
View encrypted files
 1
 2


This failure is different from the previous encrypted ransomware.This time, the entire file is completely encrypted, which is quite different from the previous encryption, because the full-text encryption also brings great difficulty to the recovery.

Receive Bitcoin
https://btc.com/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
You can find this linked list. Lisso people receive a lot of bitcoin, and it is generally not recommended to pay bitcoin: 1) it fuels this arrogance, and 2) the payment may not be decrypted (there are examples of failure around)
 3


Fortunately, although we cannot decrypt the encrypted file, according to the encryption principle, we have run oracle (stored the oracle data file) on the hard disk, then there are traces on the hard disk. As long as this trace is not covered, we can pass the underlying Scan the block to recover the data (similar to: asm disk header completely damaged recovery ). Through this principle, we successfully restored a customer’s database today. If this aspect cannot be recovered by itself, you can contact us for technical support
E-Mail:chf.dba@gmail.com
Due to limited technical skills, at present we can only recover the encrypted database for extorting Bitcoin, other files cannot be recovered. For the database, we also need to evaluate the site to determine whether it can be recovered.