ZEPPELIN IMPOSTER Ransomware – recover SQL Server MDF files

On 2020-12-30, one of my servers was attacked by a ransomware virus with the message and signature below:

Most of the files on the server were corrupted, and the attacker stated that the files were encrypted. My main concern was the SQL Server database files. I was able to recover the database files, and all the credit goes to “par parvaz”, who tipped me that he recovered mdf files using “SysTools SQL Repair Tool and recover software”. I used it and recovered the database, but with some tables being corrupted, with data in wrong columns etc. For me, these are the tools that worked best:

  • ApexSQL Recover: recovered data correctly, but its price was too high for a single use.
  • SysTools SQL Repair Tool and recover software: Recovered data, but some tables had duplicate rows and some were not in the correct column.
  • Kernel for SQL Database: This tool recovered the data correctly but couldn’t recover some of the tables.

By using the above tools I was able to recover over 95% of the data.

Obviously the files were just messed up and not encrypted, otherwise I wouldn’t have been able to recover any of the data.

 
