Shulou(Shulou.com)05/31 Report--

In this issue, Xiaobian will bring you about the Oracle_ransomware solution. The article is rich in content and analyzes and narrates it from a professional perspective. After reading this article, I hope you can gain something.

Oracle_Ransomware Solutions

Oracle:11.2.0.1.0

OS:Windows Server 2008

Question:

Most files on the database server are encrypted, including Oracle software directory files, dmp backup files, etc.

The database cannot be used normally;

Warning logs are garbled.

The encrypted file directory contains the how_to_back_files.html file;

The document states how to apply for the decryptor and the price of decryption;

But find all data files, log files, control files, etc., the files themselves are not encrypted;

Whether the contents of the document have been tampered with cannot be determined;

Solution:

Copy all data files, control files, log files to the test server, install the same version of database software, and start the database through the existing files;

After starting the database, it was found that no data was lost, no tables were locked or data was cleared. It seems that the attacker is not very familiar with the database;

When the database server is affected by ransomware, it is necessary to check which files are affected;

(1)If data files are encrypted or important database tables are deleted, check for recent offsite backups;

There are recent offsite backups or local backups that are not encrypted and can be directly restored to the database;

(2)If there are only local backup files and they have been encrypted, check whether the three major files of the database are encrypted. If they are not encrypted, the database can be started directly by the existing files on the different machine.

(3)If the data files and backup files are all encrypted and important tables in the database are deleted, you can try to recover the data by using DUL or ODU (I have not tested it in the formal environment yet), or contact Oracle or a third-party company specializing in recovery to request support;

The above is how the Oracle_ransomware solution shared by Xiaobian is. If there is a similar doubt, please refer to the above analysis for understanding. If you want to know more about it, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.