Recently encountered customer Oracle file is encrypted with suffix name:.id-BE19A09A.[savemydata@qq.com].harma

The corresponding txt file is:

Through analysis, it is determined that the encryption is to segment the data file to process the encryption destruction. Through the analysis of the oracle dictionary storage information and the corresponding data storage relationship, open the database and skip the segmented encrypted part to achieve a more complete database recovery.

For the sql server database, if it is unfortunately encrypted by this type of virus, it can also achieve a more perfect recovery at the database level, reduce losses as much as possible, and do not help the hacker’s rampant behavior (that is, do not give them Bitcoin)