1

my server had been attacked by a ransomware .rapid and all my data had been encrypted , luckily for me the oracle home folder is not encrypted - yet - and most of the files including the datafiles folder and tablespaces are still accessible

Can any One please tell me how to recover my database objects? no backup is available , only oracle home folder -most of it-

EDIT : The System is broken , I am trying to know witch files to collect and copy that will enable me to recover my database files from another system

when I try to log into sqlplus throw cmd I get the following error :

'sqlplus' is not recognized as an internal or external command , operable program or batch file. Blockquote

EDIT : FILES THAT I STILL HAVE ACCESS TO - NOT ENCRYPTED -

Ali3lo
  • 19
  • 1
  • 4
  • More details, please. Are you trying to recover on the same server, or a different one? Do you still have copies of your control file? Do you have a pfile (initialization parameter file, init.ora)? What about the redo logs / archive logs? For a basic overview, research how to clone a database. http://www.dba-oracle.com/oracle_tips_db_copy.htm – kfinity Aug 06 '18 at 14:25
  • @kfinity thanks for the advice "_research how to clone a database_" on my way to do so – Ali3lo Aug 06 '18 at 15:04
  • @kfinity do you mean the _control file_ that is located in the datafiles folder? – Ali3lo Aug 06 '18 at 15:49
  • @kfinity I have updated the question with an attachment that shows the files that I still have access to – Ali3lo Aug 06 '18 at 15:57
  • So all your data is on the USERS tablespace? – APC Aug 06 '18 at 16:20
  • @APC --My data is on the SYSAUX-- MY DATA IS IN THE DEFAULT TABLESPACE – Ali3lo Aug 06 '18 at 16:28
  • Well that's really bad practice, and contra-indicated in the Oracle documentation. But probably the least of your worries right now. – APC Aug 06 '18 at 16:32

1 Answers1

2

Okay. If you can find an init.ora file on your server, that's the PFILE - initialization parameter file - that's the last thing missing to easily copy your database to a new server. If you can't find it, that's ok - it'll just be a little harder. As long as you have the datafiles, you can eventually get your database back.

Basically, you'll want to follow steps 2-8 in the link I posted. You can also find some helpful info in the Oracle guide to manually creating a database in Windows. I'll walk you through them.

  1. Shutdown your old database (if it's still running). This will make sure your datafiles are in a consistent state for copying. Probably stopping the Windows Service would be the easiest way to do that if you can't access sqlplus.
  2. Copy the data to your new server. I'm assuming it'll be in the same location, D:\app\Administrator\oradata\VTC\
  3. Make a copy of the control file CONTROL01.CTL and name it create_db.sql (EDIT: I was assuming that this was a backup to trace ascii version of the control file, but it sounds like this is the binary file)
  4. Edit create_db.sql. Where it says CREATE CONTROLFILE REUSE DATABASE "MY_DB" NORESETLOGS, change it to CREATE CONTROLFILE SET DATABASE "MY_DB" RESETLOGS. Make note of whatever "MY_DB" is - this is your database name. Most people make it the same as the SID. I normally do RESETLOGS which throws out the old redo logs, but you could try keeping them with NORESETLOGS if that works for you.
  5. Remove or comment out the lines that say RECOVER DATABASE and ALTER DATABASE OPEN;. Make sure the paths for the datafiles and logfiles look correct. Save the file.
  6. If you couldn't find your init.ora to copy, I think this very minimal one will work for you, although you'll want to fix your memory settings later. Create it in the same folder.
DB_NAME=MY_DB
INSTANCE_NAME=MY_DB
SERVICE_NAMES=MY_DB
CONTROL_FILES = ("D:\app\Administrator\oradata\VTC\CONTROL01.CTL")
DB_FILES=100

  1. Create an Oracle Database Windows Service. Afterwards check Services to make sure it's running.

    oradim -NEW -SID MY_DB -STARTMODE manual -PFILE "D:\app\Administrator\oradata\VTC\init.ora"

  2. Log in to your new Oracle instance as SYSDBA. There's no database yet.

    cd D:\app\Administrator\oradata\VTC\ set ORACLE_SID=MY_DB sqlplus / as sysdba

  3. Create the database, using the control file from the old server as a script.

    @create_db.sql

  4. If everything comes back OK, run:

    alter database open

kfinity
  • 8,581
  • 1
  • 13
  • 20
  • thank you very much for your help , but on step #4 when i try to open **create_db.sql** with text editor _I dont find Where it says **CREATE CONTROLFILE REUSE DATABASE "MY_DB" NORESETLOGS**_ , I just find a strange code in the file nothing readable – Ali3lo Aug 09 '18 at 22:59
  • did you mean the **trace file** instead of CONTROL01.CTL here >> `3- Make a copy of the control file ` _**CONTROL01.CTL**_ `and name it create_db.sql` – Ali3lo Aug 10 '18 at 01:28
  • you're right, I meant a trace backup of the control file. I think you might be able to reuse the binary control file and start up the database if all the datafile / log file locations are the same, but I've never tried it. – kfinity Aug 10 '18 at 15:07
  • how to do that please , not a detailed instructions , just the flow of actions cuz I'm really lost right now – Ali3lo Aug 10 '18 at 16:01
  • 1. copy datafiles to the new host device 2.install oracle 12c on that device( **should I install only the database tools** ?) 3. what next ?? I dont know how to create the new database without the script that should be generated by `alter database backup controlfile to trace` ?? – Ali3lo Aug 10 '18 at 16:11
  • I think you'll want to ignore steps 3-5. Do steps 6, 7, 8 if you can. Then the basic idea is to do `startup nomount` and then run a `CREATE CONTROLFILE ...` statement, which is what `backup to trace` normally creates. See the example at the end here https://docs.oracle.com/database/121/SQLRF/statements_5004.htm#SQLRF01203 – kfinity Aug 10 '18 at 17:34
  • That'll overwrite the existing controlfile. If you want to try reusing your existing control file, I think you could just try skipping step 9? See if you can startup and open the db. – kfinity Aug 10 '18 at 17:35