My droplet just be hacked by hacker, They require me send btc to get db back. Are there anyway to get back my db by using Recovery ISO. It’s very important for my bussiness :(
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hello @tinhpham0997
(Full disclosure I am the founder and CEO of SnapShooter Backup Service
This is a very tricky situations and please take my advice at face value. I am unsure if DigitalOcean have any policies on ransom.
I presume you have turned off the droplet! Never to be booted up again.
I would recommend the following
- Turn off Droplet
- Create a SnapShot and label it well (HACKED)
- Change to recovery mode
- Book into recovery mode
- Mount the filesystem and make sure you don’t execute anything on the hacked file system
- on the mounted file system inspect the following /var/lib/mysql/
- If these files are intact (which depend on how good the hacker is may not be possible)
- Report finding if unsure
- If they are good proceed to extract those files out of the system learn more here https://stackoverflow.com/questions/484750/restoring-mysql-database-from-physical-files
Good Luck
Simon
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.