My droplet has just been hacked by a hacker. They require me to send BTC to get the DB back. Is there any way to get back my DB by using the Recovery ISO? It’s very important for my business :(

1 answer

Hello @tinhpham0997

(Full disclosure: I am the founder and CEO of SnapShooter Backup Service.)

This is a very tricky situation, and please take my advice at face value. I am unsure if DigitalOcean has any policies on ransom.

I presume you have turned off the droplet! Never to be booted up again.

I would recommend the following

1) Turn off Droplet
2) Create a SnapShot and label it well (HACKED)
3) Change to recovery mode
4) Boot into recovery mode
5) Mount the filesystem and make sure you don’t execute anything on the hacked file system
6) On the mounted file system, inspect the following: /var/lib/mysql/
7) If these files are intact (which, depending on how good the hacker is, may not be possible)
8) Report findings if unsure
9) If they are good, proceed to extract those files out of the system; learn more here: https://stackoverflow.com/questions/484750/restoring-mysql-database-from-physical-files

Good Luck

Simon
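
Steps 5 to 9 of the answer above as a script for the recovery environment. This is an added example, not part of Simon's answer. The device `/dev/vda1`, the mount point `/mnt/evidence`, the function names, and the file names checked (`ibdata1`, `*.ibd`, `*.frm`, `*.MYD`, the MySQL defaults) are assumptions; confirm the device with `lsblk` first.

```shell
#!/bin/sh
# Added example: run as root from the recovery environment, never from the hacked OS.
# Assumed usage: sh recover.sh /dev/vda1 /root/recovered

# Step 5: mount read-only with noexec/nosuid/nodev so nothing on the
# compromised filesystem can be modified or executed.
mount_evidence() {
    dev=$1; mnt=$2
    mkdir -p "$mnt" && mount -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# Steps 6-7: decide whether the MySQL data directory looks intact.
# Returns 0 if ibdata1 is non-empty and at least one non-empty table file exists.
check_datadir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }
    [ -s "$dir/ibdata1" ] || { echo "ibdata1 missing or empty"; return 1; }
    tables=$(find "$dir" -mindepth 2 -type f \
        \( -name '*.ibd' -o -name '*.frm' -o -name '*.MYD' \) -size +0 |
        wc -l | tr -d ' ')
    echo "non-empty table files: $tables"
    [ "$tables" -gt 0 ]
}

# Step 9: copy the files off the evidence mount, preserving timestamps and
# ownership, and record checksums so later copies can be verified.
extract_datadir() {
    src=$1; dest=$2
    mkdir -p "$dest/data" || return 1
    cp -a "$src/." "$dest/data/" || return 1
    (cd "$dest/data" && find . -type f -exec sha256sum {} + > ../SHA256SUMS)
}

# Only runs when called with a device and a destination directory.
if [ "$#" -eq 2 ]; then
    mount_evidence "$1" /mnt/evidence &&
    check_datadir /mnt/evidence/var/lib/mysql &&
    extract_datadir /mnt/evidence/var/lib/mysql "$2"
fi
```

Restore the extracted files into a clean MySQL install on a new droplet, not on the compromised one.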
