Recently, a friend of the SQL server database was encrypted with the suffix: .mdf.happythreechoose, which needs to provide recovery support.
Files left by hackers are similar
ALL YOUR FILES ARE ENCRYPTED!
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
To recover data you need decryptor.
To get the decryptor you should:
Send 1 test image or text file happychoose@cock.li or happychoose2@cock.li.
In the letter include YOUR ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files
After we send you instruction how to pay for decrypt and after payment you will
receive a decryptor and instructions We can decrypt one file
in quality the evidence that we have the decoder.
Attention!
Only happychoose@cock.li or happychoose2@cock.li can decrypt your files
Do not trust anyone happychoose@cock.li or happychoose2@cock.li
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data,
because each user's unique encryption key
The query found that the virus and .happyfourchoose belong to the GlobeImposter family. Currently, the solution is not supported.密
Through low-level analysis, it was found that mainly the header and tail of the file were confidential.
Scanned data files and found that most of the data can be recovered
If you encounter a database that is similar to an encryption virus and encrypted (oracle, mysql, sql server), you can contact us to achieve a better recovery effect without paying the hacker (the recovery is not successful without any fees)
E-Mail:chf.dba@gmail.comProvide professional decryption recovery services.
Protection recommendations:
1. Multiple machines, do not use the same account and password
2. The login password should have sufficient length and complexity, and the login password should be changed regularly.
3. The shared folder of important data should be set up with access control and regularly backed up
4. Regularly detect security vulnerabilities in the system and software and apply patches in a timely manner.
5. Periodically go to the server to check if there is any abnormality. View scope includes:
a) Whether there are new accounts
b) Guest is enabled
c) Is there an exception in the Windows system log
d) Is there any abnormal interception of anti-virus software?
6. Install security protection software and ensure its normal operation.
7. Download and install software from regular channels.
8. For unfamiliar software, if it has been intercepted by antivirus software, do not add trust to continue running.