On the day after Christmas this 2021, also know as Boxing Day to some, I received a call from someone looking for help to recover from ransomware. This was very similar to many other sad ransomware calls that I have received and tried to help with. This the most important database out of all of the databases they have on the SQL Server, and it is vitally important to the operations of the business.

Every directory on their SQL Server had a readme text file that looked like this:

The call usually starts like this:

“We need help with our SQL Server, the database is in Recovery Pending mode.” Now this could mean the SQL Server had an unclean shutdown, and the database is recovering transactions from the transaction log and doing things appropriately.

But that was not the case this time. The company had been hit with ransomware and they paid the ransom to decrypt their files. Some files decrypted just fine, and others did not.

After some investigation, we discovered, a database with a primary datafile (MDF), and secondary datafile (NDF), and a standard transaction log file (LDF).

The MDF had decrypted correctly, but the NDF and the LDF had not been decrypted by the ransomware decryption tool.

NDF and LDF:

The LDF is usually no big deal, because you can always rebuild the LDF, and possible just lose the transactions that had not been written to the data files yet, but the NDF (secondary data file) had not decrypted, and there was a great deal of data missing from that NDF, and with the NDF encrypted we were not able to attach or bring the database online.

To make things worse they were running on SQL Server 2005, it appears that their full backups had not been succeeding for months, and that they couldn’t find any backups to attempt to restore.

This happen often!

What I have done to fight this fight:

• Lots of blogging about ransomware and what DBA’s can do to prepare.
• I have a FREE, and yes completely FREE online class designed to help the DBA prepare for ransomware ahead of time and perhaps be ready when they are hit with ransomware:

• I have a paid class on SQL Server Backup and Recovery that covers what a DBA needs to know have backups that will account for almost any disaster, and how to practice restoring, and how to configure those backups to survive a ransomware attack.

The hardest part of my job is telling people that I am sorry we cannot help you because your data is gone. At a minimum, please watch the free ransomware class. 

If you really want to be prepared, watch the FREE ransomware classes, THEN sign up for the Backup and Recovery course.

>>> I can’t imagine what it would be like to spend Christmas weekend attempting to recover from ransomware, paying the ransom, and still not getting your data back!

 

---

More from Stedman Solutions:

Steve and the team at Stedman Solutions are here for all your SQL Server needs.
Contact us today for your free 30 minute consultation..
We are ready to help!