
My MongoDB, which is not exposed, has been hacked for ransom, and my files stored in /home/mongo/store have been deleted. I used foremost, ext4magic and extundelete, but nothing is happening; the backups on the same server have been deleted too... I have only one backup from a month earlier; it's not possible for me to announce that to my customers.

I tried my last solution and ran cat /dev/md3 (-> /home), and my data appears partially encoded (screenshot).

Do you know how to decrypt the encoded values?

Thanks to all who can save me.

1 Answer


I have only one backup from a month earlier; it's not possible for me to announce that to my customers.

Unfortunately, this is what you must do. Absolutely be honest with customers and users, tell them what happened, and what data was lost. Covering this up will cause more reputation damage than the event itself.

The system should be rebuilt from a state prior to the compromise. For the canonical advice on that and more, see: How do I deal with a compromised server?

This was a very expensive lesson about backups. If one month old is not an acceptable RPO, do more frequent offline backups.

John Mahowald
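An added example, not from the question or the answer above, of what "more frequent offline backups" with a defined RPO can look like for MongoDB: dump to a staging directory, ship the archive to a separate backup host, and check that the newest copy is younger than the RPO. The URI, backup host, directory and RPO below are placeholder assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Placeholder settings, assumed:
MONGO_URI="${MONGO_URI:-mongodb://localhost:27017}"    # database to dump
BACKUP_HOST="${BACKUP_HOST:-backup.example.invalid}"   # a different machine
BACKUP_DIR="${BACKUP_DIR:-/var/backups/mongo}"         # local staging dir
RPO_HOURS="${RPO_HOURS:-24}"                           # acceptable data loss

# Write a compressed, timestamped dump into the staging directory and
# print its path. Requires mongodump on the database host.
take_dump() {
    ts=$(date -u +%Y%m%dT%H%M%SZ)
    mkdir -p "$BACKUP_DIR"
    out="$BACKUP_DIR/mongo-$ts.archive"
    mongodump --uri="$MONGO_URI" --archive="$out" --gzip
    echo "$out"
}

# Copy an archive off the database server. The backup host is assumed to
# accept new files only, so a compromised database host cannot delete the
# history it already holds (the failure mode described in the question).
ship_offhost() {
    scp "$1" "backup@$BACKUP_HOST:incoming/"
}

# Return 0 if some archive in $1 is younger than $2 hours, 1 otherwise
# (including when the directory is empty). Use this from monitoring so a
# silently failing backup job is noticed before it is needed.
within_rpo() {
    dir="$1"
    mins=$(( $2 * 60 ))
    find "$dir" -type f -name 'mongo-*.archive' -mmin "-$mins" 2>/dev/null \
        | grep -q .
}

# One backup cycle: dump, ship, then verify the RPO is still met locally.
run_backup() {
    archive=$(take_dump)
    ship_offhost "$archive"
    within_rpo "$BACKUP_DIR" "$RPO_HOURS"
}
```

Schedule run_backup from cron at an interval shorter than the RPO, and alert when within_rpo fails.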