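Contact: mobile/WeChat (+86 17813235971) QQ (107644445)
Author: 惜分飛 © All rights reserved [May not be reproduced in any form without my consent; otherwise I reserve the right to pursue legal liability.]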
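A customer was recently hit by a MySQL database-deletion ransom attack. The symptoms were as follows:
1. The existing databases are dropped, a database with the same name is created in place of each, and a read_me_recover_tn database is also created, similar to the figure below:
2. The read_me_recover_tn database contains a readme table, and every database that was dropped and then recreated also contains a readme table.
3. The content of each readme table looks similar to this: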
mysql> desc readme
    -> ;
+-----------------+------+------+-----+---------+-------+
| Field           | Type | Null | Key | Default | Extra |
+-----------------+------+------+-----+---------+-------+
| id              | int  | NO   | PRI | NULL    |       |
| Message         | text | YES  |     | NULL    |       |
| Bitcoin_Address | text | YES  |     | NULL    |       |
+-----------------+------+------+-----+---------+-------+
3 rows in set (0.01 sec)

mysql> select * from readme\G;
*************************** 1. row ***************************
             id: 1
        Message: I have backed up all your databases. To recover them you must pay 0.008 BTC (Bitcoin) to this address: 15f9vdGBeT1NCMp6z9NxrQEEUxnYqRPvyC . Backup List: xxxx_db, xxxx_db_test. After your payment email me at ID and you will get a download link to your backup. Emails without transaction ID and server IP will be ignored.
Bitcoin_Address: 15f9vdGBeT1NCMp6z9NxrQEEUxnYqRPvyC
1 row in set (0.00 sec)
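This kind of ransom attack is similar to the ones I covered in earlier articles:
RECOVER_YOUR_DATA ransom recovery
A____Z____RECOVER____DATA ransom recovery
The way to handle it is also exactly the same:
First take an image or snapshot of the system, then attempt recovery at the OS level first and at the block level after that. If you cannot resolve it yourself, you can contact us for technical support to rescue as much data as possible and reduce losses.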
In addition, harden the system and MySQL, and as far as possible do not expose the database to the public internet.
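
The following read-only triage queries are an added example, not part of the original post. They look for the indicators described above (the read_me_recover_tn database and readme tables with the id / Message / Bitcoin_Address layout) and list two common exposure points. Run them only after the image or snapshot has been taken; the system-schema exclusion list and the any-host account check are assumptions about a typical MySQL setup.

```sql
-- 1. Is the ransom-note database named in the post present?
SELECT schema_name
FROM information_schema.schemata
WHERE schema_name = 'read_me_recover_tn';

-- 2. Every schema holding a readme table with the note's three columns.
--    create_time of that table approximates when the attacker recreated the schema.
SELECT c.table_schema,
       MAX(t.create_time) AS note_table_created
FROM information_schema.columns AS c
JOIN information_schema.tables  AS t
  ON t.table_schema = c.table_schema
 AND t.table_name   = c.table_name
WHERE LOWER(c.table_name) = 'readme'
  AND LOWER(c.column_name) IN ('id', 'message', 'bitcoin_address')
GROUP BY c.table_schema
HAVING COUNT(DISTINCT LOWER(c.column_name)) = 3
ORDER BY note_table_created;

-- 3. User schemas where the note table is the only table left,
--    i.e. candidates for OS-level / block-level recovery.
SELECT table_schema
FROM information_schema.tables
WHERE table_schema NOT IN ('mysql', 'information_schema',
                           'performance_schema', 'sys')
GROUP BY table_schema
HAVING COUNT(*) = 1
   AND MAX(LOWER(table_name)) = 'readme';

-- 4. Exposure check: accounts allowed to connect from any host ...
SELECT user, host
FROM mysql.user
WHERE host = '%';

-- ... and the address and port the server listens on
--     ('*', '0.0.0.0' or '::' means all interfaces).
SELECT @@bind_address AS bind_address, @@port AS port;
```

Schemas returned by query 2 or 3 match the recreated databases described in symptoms 1 and 2; any account returned by query 4 on a server bound to all interfaces is reachable from wherever the network allows.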