Oracle database hacked by malware/ransomware
Are the files really encrypted (which would take a considerable length of time for a server of any size) or have "they" just messed around with the file associations so that every file type looks like a zip file? That's quick to do, incredibly annoying but doesn't do [much] permanent damage.
Is Windows itself running? (If so, then they didn't "encrypt" everything).
If you can get into Windows, can you open (right-click, Open With...) any file in any other program? Even Notepad, the lowest common denominator of Windows "editors", would do.
Seriously, though, without backups (stored on another machine) you really are dead in the water.
Even a backup of the file system would be [slightly] better than nothing.
I might even go as far as to say that you should be grateful that this was caused by a hacker - the nett effect would have been exactly the same had the machine's disks failed or the motherboard blown - and then you'd be the one in the firing line for failing to arrange proper recovery measures for your "production database".
Actually they encrypt the datafiles, controlfiles and redologfiles and they remove all the .dmp files for the backup. I found some information after searching on Google.
You can get the details of the virus at the URL below. This is exactly what they did with our database.
Cybercrooks developing dangerous new file-encrypting ransomware, researchers warn | PCWorld
PowerLocker consists of a single file that’s dropped in the Windows temporary folder. Once run on a computer for the first time, it begins encrypting all user files stored on local drives and network shares, except for executable and system files.
Every file is encrypted using the Blowfish algorithm with a unique key. Those keys are then encrypted with a 2048-bit RSA key that’s part of a public-private key pair unique for every computer. The computer owners will have the public keys, but won’t have the corresponding private RSA keys needed to decrypt the Blowfish keys.
You can also try prm-dul to recover data directly from encrypted datafiles, because most malware/ransomware will only encrypt the datafile header and leave most of the data undamaged.
Reference video: https://youtu.be/jOT6k-KF8Hg
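
One way to check the two questions raised in this thread (are the files really encrypted, and is only the datafile header affected), as an added example that is not from any poster or from prm-dul: a read-only entropy scan run against a copy of a datafile. The 8192-byte block size and the 7.5 bits/byte threshold are assumptions, and the sample data is constructed; compressed blocks also score high, so treat a hit as a hint rather than proof.

```python
import math
import os
from collections import Counter

BLOCK_SIZE = 8192  # assumption: common Oracle db_block_size; set to your database's value
THRESHOLD = 7.5    # assumption: heuristic cut-off, in bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for structured blocks."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_blocks(data: bytes, block_size: int = BLOCK_SIZE):
    """One flag per block: True when the block looks encrypted."""
    return [shannon_entropy(data[i:i + block_size]) >= THRESHOLD
            for i in range(0, len(data), block_size)]

def classify(flags) -> str:
    """Summarise where the high-entropy blocks sit in the file."""
    if not any(flags):
        return "no high-entropy blocks"
    if all(flags):
        return "fully high-entropy"
    first_clean = flags.index(False)
    if first_clean > 0 and not any(flags[first_clean:]):
        return f"leading {first_clean} block(s) high-entropy, rest intact"
    return "mixed"

def scan_file(path: str, block_size: int = BLOCK_SIZE) -> str:
    """Stream a file block by block (opened read-only) and classify it."""
    flags = []
    with open(path, "rb") as fh:
        while chunk := fh.read(block_size):
            flags.append(shannon_entropy(chunk) >= THRESHOLD)
    return classify(flags)

# Constructed sample data, not real datafile contents.
def sample_structured(n_blocks: int) -> bytes:
    return (b"\x06\xa2\x00\x00" + b"ROWDATA-0001    " * 511 + b"\x00" * 12) * n_blocks

def sample_random(n_blocks: int) -> bytes:
    return os.urandom(BLOCK_SIZE * n_blocks)  # stands in for ciphertext

if __name__ == "__main__":
    print(classify(scan_blocks(sample_random(2) + sample_structured(6))))
```

A result of "leading N block(s) high-entropy, rest intact" matches the header-only case described in the last reply; "fully high-entropy" means the whole file was overwritten and only backups will help.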