This case study describes the recovery of a Kingdee Cloud Starry Sky ERP database (SQL Server 2008 R2) after a .mkp ransomware attack. The files were not decrypted; the team recovered the data from the database pages the ransomware had left intact and restored the critical financial and operational data in full.
Client & Data Information
- Client Name: Confidential
- Data Type: SQL Server 2008 R2 (Kingdee Cloud Starry Sky)
- Data Capacity: 15 GB
- Ransomware Extension: [[email protected]].mkp
Incident Summary
The client's production server was infected with the .mkp ransomware variant, which encrypted the critical files on it and appended the [[email protected]].mkp extension to each one, leaving the Kingdee Cloud Starry Sky ERP system unable to start. Initial triage showed that although the database files had been renamed and their headers overwritten, most of the 15 GB data file's internal page structure was still intact.
Technical Analysis
Technical forensics on the .mkp infection yielded several critical findings:
- High Integrity: Examination of the encrypted .MDF file showed that the file headers had been overwritten, but the core data pages and the tables they hold were still intact. Ransomware commonly encrypts only the first part of large files to save time, and that behaviour is what makes this kind of recovery possible.
- ERP Compatibility: Because the Kingdee ERP depends on its tables staying mutually consistent, the recovery had to put each page back at its correct position in the file rather than carve loose rows out of it.
- Recovery Viability: Using the Excellent SQL Database Recovery Tool, our engineers confirmed that the raw data could be extracted without a decryption key from the attackers.
Recovery Solution
The recovery strategy was direct data extraction and repair. Working at the level of individual database pages, our engineers rebuilt the blocks the ransomware had overwritten and then pulled the table data out of the repaired file. Because the data is extracted into a freshly installed SQL Server instance rather than the damaged file being put back into service, nothing else from the infected server is carried over.
Recovery Process
- Forensic Database Analysis: Measuring how far into the 15 GB SQL Server 2008 R2 data file the .mkp encryption reached and which pages survived.
- Encrypted Block Repair: Using specialized tools to reconstruct the overwritten page headers and damaged pages.
- Data Extraction & Migration: Extracting the Kingdee ERP tables and records from the damaged container into a fresh SQL Server environment.
- 100% Integrity Verification: Validating the relational data so that all financial records and ERP modules are consistent with one another.
- ERP System Mounting: Final confirmation that the database is fully compatible with, and directly usable by, the Kingdee Cloud Starry Sky application.
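As an added illustration of the forensic analysis step above (this is example code written for this page, not the Excellent SQL Database Recovery Tool or anything from the case study): a Python triage script that walks an .MDF file in 8 KB pages and uses the self-describing fields of the public SQL Server page header (version byte, page type, page id that must match the page's file offset, free-space offsets, slot count) to tell overwritten pages from intact ones. It reports how deep into the file the damage goes and counts the surviving data pages and records per object id. The 16-page sample database it scans is constructed inside the script, with its first four pages overwritten by pseudo-random bytes to mimic head-only encryption of a large file; the real database's layout and the actual depth of the .mkp encryption are not stated on the page, and the script assumes a single-file database (file_id 1).

```python
"""Triage an MDF file for ransomware-overwritten pages (added example).

Assumes the public SQL Server 8 KB page layout with a 96-byte header and a
single-file database (file_id 1). The sample input is constructed below.
"""
import os
import random
import struct
import tempfile

PAGE_SIZE = 8192
HEADER_SIZE = 96

# m_type values from public page-anatomy documentation; anything else is suspect.
PAGE_TYPES = {1: "data", 2: "index", 3: "text_mix", 4: "text_tree", 7: "sort",
              8: "GAM", 9: "SGAM", 10: "IAM", 11: "PFS", 13: "boot",
              15: "file_header", 16: "diff_map", 17: "ML_map"}


def parse_header(page):
    """Pull the little-endian header fields needed for a plausibility check."""
    slot_cnt = struct.unpack_from("<H", page, 22)[0]
    obj_id = struct.unpack_from("<i", page, 24)[0]
    free_cnt, free_data = struct.unpack_from("<HH", page, 28)
    page_id, file_id = struct.unpack_from("<iH", page, 32)
    return {"header_version": page[0], "type": page[1], "slot_cnt": slot_cnt,
            "obj_id": obj_id, "free_cnt": free_cnt, "free_data": free_data,
            "page_id": page_id, "file_id": file_id}


def looks_valid(hdr, expected_page_id):
    """Encrypted bytes fail these checks with overwhelming probability; an
    untouched page passes all of them (its page id equals its file position)."""
    return (hdr["header_version"] == 1
            and hdr["type"] in PAGE_TYPES
            and hdr["page_id"] == expected_page_id
            and hdr["file_id"] == 1
            and HEADER_SIZE <= hdr["free_data"] <= PAGE_SIZE - 2 * hdr["slot_cnt"]
            and hdr["free_cnt"] <= PAGE_SIZE - HEADER_SIZE)


def record_offsets(page, hdr):
    """Slot array: one uint16 per record, growing backwards from the page end."""
    offs = [struct.unpack_from("<H", page, PAGE_SIZE - 2 * (i + 1))[0]
            for i in range(hdr["slot_cnt"])]
    return [o for o in offs if HEADER_SIZE <= o < hdr["free_data"]]


def scan_mdf(path):
    """Summarise how many leading pages are damaged, how many pages and
    records survive, and which object ids the surviving data pages belong to."""
    s = {"pages": 0, "valid_pages": 0, "first_valid_page": None,
         "damaged_prefix_bytes": 0, "data_pages": 0, "records": 0,
         "obj_ids": set(), "types": {}}
    with open(path, "rb") as f:
        n = 0
        while True:
            page = f.read(PAGE_SIZE)
            if len(page) < PAGE_SIZE:
                break
            hdr = parse_header(page)
            if looks_valid(hdr, n):
                s["valid_pages"] += 1
                if s["first_valid_page"] is None:
                    s["first_valid_page"] = n
                name = PAGE_TYPES[hdr["type"]]
                s["types"][name] = s["types"].get(name, 0) + 1
                if hdr["type"] == 1:
                    s["data_pages"] += 1
                    s["records"] += len(record_offsets(page, hdr))
                    s["obj_ids"].add(hdr["obj_id"])
            n += 1
    s["pages"] = n
    first = s["first_valid_page"]
    s["damaged_prefix_bytes"] = (n if first is None else first) * PAGE_SIZE
    return s


def build_page(page_id, ptype, obj_id=0, records=()):
    """Constructed page: well-formed header, records after the header, slot
    array at the end. Sample data only, not a real Kingdee page."""
    page = bytearray(PAGE_SIZE)
    page[0], page[1] = 1, ptype
    struct.pack_into("<H", page, 22, len(records))
    struct.pack_into("<i", page, 24, obj_id)
    pos = HEADER_SIZE
    for i, rec in enumerate(records):
        page[pos:pos + len(rec)] = rec
        struct.pack_into("<H", page, PAGE_SIZE - 2 * (i + 1), pos)
        pos += len(rec)
    struct.pack_into("<HH", page, 28, PAGE_SIZE - pos - 2 * len(records), pos)
    struct.pack_into("<iH", page, 32, page_id, 1)
    return bytes(page)


def build_sample_mdf(path, total_pages=16, encrypted_pages=4):
    """Constructed sample: allocation pages, then data pages for two hypothetical
    objects (ids 1000 and 1001), with the first `encrypted_pages` pages replaced
    by seeded pseudo-random bytes to mimic head-only encryption of a large file."""
    rng = random.Random(20240101)
    layout = {0: 15, 1: 11, 2: 8, 3: 9, 4: 10}  # file header, PFS, GAM, SGAM, IAM
    with open(path, "wb") as f:
        for n in range(total_pages):
            if n < encrypted_pages:
                f.write(bytes(rng.getrandbits(8) for _ in range(PAGE_SIZE)))
            elif n in layout:
                f.write(build_page(n, layout[n]))
            else:
                obj = 1000 + n % 2
                f.write(build_page(n, 1, obj, [b"row%02d-of-obj%d" % (i, obj) for i in range(3)]))


def demo_scan(total_pages=16, encrypted_pages=4):
    """Build the constructed sample in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.mdf")
        build_sample_mdf(path, total_pages, encrypted_pages)
        return scan_mdf(path)


if __name__ == "__main__":
    print(demo_scan())
```

Run `scan_mdf` against a copy of the encrypted .MDF taken from a disk image, never against the original. A non-zero `first_valid_page` together with a high `valid_pages` count is the situation the case study describes; a `first_valid_page` of `None` means every page was overwritten and page-level repair cannot help. The `obj_ids` are the object ids of the original database and still have to be matched against its catalog before the rows can be attributed to ERP tables.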
Recovery Results
- Recovery Integrity: 100%
- Recovered Files: SQL Server 2008 R2 / Kingdee ERP Database
- System Status: Fully restored; ERP system back online with no data loss.
- Total Recovery Time: 5 Hours
Expert Reminder from Shenzhen Excellent Data Recovery Center: Regular backups kept offline or on immutable storage are your most effective defense against ransomware. If you find .mkp files, do not format the volume, reinstall the server, or run third-party decryptors on the affected files; image the disk first so the surviving database pages are preserved, then contact professionals immediately. Recovering the database does not remove the attacker's access: rebuild the server and rotate its credentials before bringing the ERP back online. We provide a 100% original database recovery guarantee for specific failures and can handle databases of any size.