Recovering Affected .mdf Files From Ransomware Attack
The SQL database files becomes unusable due to ransomware attack on victim's system and encrypted into .wallet file extension.
In such scenario the SQL Server User will not be able to access his/her database. To regain the access on the database, one can go with the below solution to start recovery of affected .mdf files.
Steps to Recover Data from Affected .mdf Files
- Press Windows + R and type services.msc and click Ok to check running Services on your system.
- Select SQL Server service and right click on it, then click on Stop to Stop SQL Server service ( By stopping SQL server service you will be able to copy or select your affected .mdf files from the default location.)
- Now, Go to the default location where SQL Server contains all the primary, secondary and log files.
we can see the default path of database files (.mdf,.ndf,.ldf) in SQL Server 2014, where all the .mdf database files are located with their associated .ndf and .ldf database files:
C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\DATA\
- Select the .mdf files which are encrypted into .wallet extension and then rename the .wallet extension into .mdf extension.
- Copy and place that .mdf files into a healthy system where the similar or upgraded version of SQL Server pre-installed.
- Now, Launch the Demo version of SysTools SQL Recovery in a healthy system.
- Click on Open to select the affected .mdf file from the placed location.
- After selecting the affected .mdf file, Software will ask you for Quick or Advance scan and then you need to select the SQL Server version of that .mdf file from the given options or you can auto detect the version of that .mdf file by clicking on Auto detect SQL Server file (.mdf) version.
- Once the file is successfully loaded into SysTools SQL recovery, the Next scanning process will recover the data from affected .mdf file and after completion of scanning process software will generate the scanning report of available database objects in that file.
Note: Once the affected .mdf file successfully scanned and Software previews the .mdf file objects like Tables,Trigger,Views,Functions etc then one can go with further export option by purchasing the full version of SysTools SQL Recovery.
PS: It's highly recommended to perform above action on a healthy system with live SQL Server environment to recover database from affected .mdf file using SysTools SQL Recovery Tool.