.sambo Files Virus (Paradise Ransomware) - Remove It


What is .sambo files virus? How did it infect your system? Is there a chance to restore your .sambo files?


If your files are broken and renamed with the extension .sambo, your PC has been infected by Paradise ransomware. The .sambo files virus corrupts computer systems in order to encrypt valuable files and then extort a ransom fee from affected users. Once it encodes your files, it drops a ransom message file in an attempt to blackmail you into paying a ransom fee for .sambo files recovery.

Threat Summary

Name: .sambo Files Virus
Type: Ransomware, Cryptovirus
Short Description: Severe malware that is designed to encrypt valuable files stored on compromised computers so that it can then extort a ransom fee from victims.
Symptoms: Files are encrypted and renamed with a long sequence of extensions that ends with the .sambo file extension. A ransom message extorts a payment for files recovery.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.sambo Files Virus (Paradise Ransomware) – How Did I Get It and What Does It Do?

A ransomware called .sambo files virus has been spotted in the wild. According to analyses conducted by security experts, it is based on the code of the Paradise ransomware family. Actually, this is not the first Paradise ransomware strain detected. As reported by our team, some other recently detected Paradise iterations could be recognized by the extensions .exploit, .Recognizer and .STUB.

There are several techniques that are probably used for the distribution of .sambo ransomware. Malspam is considered to be the preferred one. It is realized via massive email spam campaigns whose messages attempt to trick you into activating the malicious code on your PC. To make you more prone to do this, hackers often misuse the names of well-known businesses and institutions. The malware is usually presented in the form of a file attachment or a link to a corrupted web page. Attached files could be presented as:

  • Invoices coming from reputable sites, like PayPal, eBay, etc.
  • Documents that appear to be sent from your bank.
  • An online order confirmation note.
  • Receipt for a purchase.
  • Others.

The moment you accidentally activate the payload file of .sambo Paradise virus on your machine, it triggers a long sequence of malicious operations that plague essential system settings and enable the threat to reach the data encryption stage. For this stage, the so-called .sambo files virus uses a sophisticated cipher algorithm (RSA-1024). With the help of this algorithm, it transforms the code of target files and limits your access to the data they store. The following may be encrypted:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc.

A sure trait of an encrypted file is the strange sequence of extensions appended to its original name. Among these extensions there is a contact email address petrus34@p-security.li and the specific .sambo extension.

The ransomware also drops a ransom note message which is inside a file called Instructions with your files.txt. It attempts to blackmail you into paying a ransom fee in cryptocurrency to cyber criminals. Here is a copy of this message:

All your files have been encrypted contact us via the e-mail listed below.
e-mail: petrus34@p-security.li or e-mail: petrus34@p-security.li

Paradise Ransomware team.

However, you should NOT under any circumstances pay any ransom sum. Your files may not get restored, and nobody could guarantee that. Moreover, giving money to cybercriminals will likely motivate them to create more ransomware viruses or do other criminal activities.

Remove .sambo Files Virus (Paradise Ransomware) and Restore Data

The so-called .sambo files virus is a threat with highly complex code that heavily damages both essential system settings and valuable data. So the only way to use your infected system securely again is to remove all malicious files and objects created by the ransomware. For this purpose, you could follow our step-by-step removal guide.

In the event that you want to attempt to restore .gate files with the help of alternative data recovery methods, do check step four – Try to Restore files encrypted by .sambo Files Virus. We remind you to back up all encrypted files to an external drive before the recovery process.
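To know which files to back up, the indicators described above (names ending in .sambo, the contact address inside the name, and the ransom note Instructions with your files.txt) can be inventoried with a script. The following Python is an added example, not part of the original article or of any removal tool; the sample file names in `build_sample_tree` are constructed, since the article does not give the exact extension sequence.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from the article text above.
EXTENSION = ".sambo"
CONTACT = "petrus34@p-security.li"
NOTE_NAME = "instructions with your files.txt"

def triage(root):
    """Walk root and inventory files matching the article's indicators."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(EXTENSION):
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or unreadable; skip it
                encrypted.append({"path": path, "mtime": mtime,
                                  "has_contact": CONTACT in lower})
                per_dir[dirpath] += 1
    first = min((e["mtime"] for e in encrypted), default=None)
    return {
        "encrypted": encrypted,
        "notes": notes,
        "per_dir": dict(per_dir),
        # Earliest modification time approximates when encryption began.
        "first_seen": (datetime.fromtimestamp(first, timezone.utc)
                       if first is not None else None),
    }

def build_sample_tree(root):
    """Create a constructed sample tree; the file names are illustrative only."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    names = ["report.docx.id-0000." + CONTACT + ".sambo",  # constructed name
             "photo.jpg.SAMBO", "notes.txt", "Instructions with your files.txt"]
    for n in names:
        with open(os.path.join(docs, n), "w") as fh:
            fh.write("sample")
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
```

Run `triage` against a mounted copy of the affected drive rather than the live system, and use the `per_dir` counts to decide which folders to copy to the external drive first.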

Gergana Ivanova

Gergana has completed a bachelor's degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.
