SQL Server Access

Dear Sir,

      We have installed SQL Server on Microsoft Server 2003. When we open SQL Server, it shows a message that some hacker has hacked the database, and they mentioned "Your Unique Identificator: 15763". Kindly suggest how we can get out of this problem. The hacker's mail ID is hhhhqqqq@ruggedinbox.com.

We are awaiting your most valuable suggestions.

January 16th, 2015 12:41pm

What version of SQL Server did you install?

How are you connecting (Opening) SQL Server? Do you have a screenshot?

January 16th, 2015 12:43pm

Disable sa login

Make sure that the default port is disabled.

January 16th, 2015 5:32pm

Dear All,

Someone also hacked into my server and encrypted all the files. And left a text file in every folder as mentioned below:


"All your files were crypted with two strong algoritms - RSA and AES
We can sell you the program that will restore all your files.
If you want buy this program, you need send us your Unique Identificator on hhhhqqqq@ruggedinbox.com
After that we will send you instructions of payment
Also you can attach one small file (less than 300 Kilobytes) and we will restore it.

!!!If we didnt answer you during 1-2 days, it means that we didnt get your letter. So, 
make your own e-mail account on www.ruggedinbox.com and send your letter again.

Your Unique Identificator: 146324"

Please help me how to make the files readable.

Regards,

sandeep@ratnaraj.in

January 18th, 2015 8:29am

1) Rename the SA account to another account

2) Keep a complex password

3) Change the default port to another port

4) Keep fewer sysadmin roles and give database roles like db_datareader; whenever required, give db_owner

5) 

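-- See the IP and logins of current connections
SELECT  S.loginame,               -- login that owns the session
        S.hostname,               -- client workstation name
        S.net_library,            -- client network library
        S.net_address,            -- client network adapter (MAC) address
        decc.client_net_address   -- client IP address
FROM    sys.sysprocesses AS S
INNER JOIN sys.dm_exec_connections AS decc ON S.spid = decc.session_id;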

6) Allow only AD users in MSSQL

7) Use an SSL certificate for MSSQL

8) Use a network sniffer like Ethereal to check the port communication happening on MSSQL: http://www.techrepublic.com/article/ethereal-is-a-serious-simple-and-free-protocol-analyzer/

9) Start auditing logins.

May 19th, 2015 12:12am
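
Added example, not part of the original thread: a read-only T-SQL audit that checks the current state of the items in the list above (sa login, weak passwords, sysadmin membership, authentication mode, per-connection port and encryption, login auditing). It assumes SQL Server 2005 or later and a connection with sysadmin rights.

```sql
-- Added example: read-only checks for the hardening list above.
-- Assumes SQL Server 2005+ and a sysadmin connection.

-- Items 1, 2: the built-in sa login keeps SID 0x01 even after a rename.
-- Shows its current name, whether it is disabled, and whether the
-- Windows password policy and expiration are enforced on it.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- Item 2: SQL logins whose password is blank or equal to the login name.
SELECT name
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- Item 4: every member of the sysadmin fixed server role.
SELECT m.name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- Item 6: 1 = Windows authentication only, 0 = mixed mode (SQL logins allowed).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- Items 3, 5, 7: for each current connection, who is connected, from where,
-- on which server port, and whether the channel is encrypted.
SELECT s.login_name, s.host_name, c.client_net_address,
       c.local_tcp_port, c.net_transport, c.encrypt_option, c.auth_scheme
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
ORDER BY c.client_net_address;

-- Item 9: current login auditing level (none, success, failure or all).
EXEC master..xp_loginconfig 'audit level';
```

Rows with `encrypt_option = FALSE`, `auth_scheme = SQL`, or an unexpected `client_net_address` are the ones to review first.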

This topic is archived. No further replies will be accepted.
