Fastwind ransomware, need help with decryption

Kazetana · March 27, 2023

Hey !

Our Truenas core at work was infected with ransomware, the IT guys never turned on snapshots so we're in a bit of a pickle.

I wanted to ask if any of you has has experience with this particular ransomware and could point me to a decryption tool, I could not find one on Kaspersky, Avast, Emsisoft nor Nomoreransom.

All of our files now have this extension : "DZF2QX5SJ".

Attached is also the message as a picture

Thanks !

whispous · March 27, 2023

It's real ransomware, there's no such thing as a secret shortcut decryption tool.

You'll need to pay and pray that they "honour" the payment.

Eigenvektor · March 27, 2023

A quick Google suggests that there is currently no decryption tool available. https://www.pcrisk.com/removal-guides/18583-fastwind-ransomware

Quote

Unfortunately, there are no third party tools that are capable of decryption of files compromised by FastWind. Despite this, you are advised against contacting these cyber criminals or paying for any decryption tools. They often do not send any tools even, after payment.

Decryption tools are only possible if the ransomware itself has a vulnerability that can be exploited or the key is made public somehow. When it uses modern encryption algorithms and the key is randomly generated, there's virtually no way to decrypt files without getting access to the key.

Kazetana · March 27, 2023

2 minutes ago, Eigenvektor said:

A quick Google suggests that there is currently no decryption tool available. https://www.pcrisk.com/removal-guides/18583-fastwind-ransomware

Decryption tools are only possible if the ransomware itself has a vulnerability that can be exploited or the key is made public somehow. When it uses modern encryption algorithms and the key is randomly generated, there's virtually no way to decrypt files without getting access to the key.

Welp, that's what I thought, thanks for the help !