.sambo Files Virus (Paradise Ransomware) - Remove It

.sambo Files Virus (Paradise Ransomware) – Remove and Restore Files

What is .sambo files virus? How did it infect your system? Is there a chance to restore your .sambo files?


In the event that your files are broken and renamed with the extension .sambo, your PC has been infected by Paradise ransomware. The .sambo files virus corrupts computer systems in order to encrypt valuable files and then extort a ransom fee from affected users. Once it encodes your files, it will drop a ransom message file in an attempt to blackmail you into paying a ransom fee for .sambo files recovery.

Threat Summary

Name: .sambo Files Virus
Type: Ransomware, Cryptovirus
Short Description: Severe malware that is designed to encrypt valuable files stored on compromised computers so that it can then extort a ransom fee from victims.
Symptoms: Files are encrypted and renamed with a long sequence of extensions that ends with the .sambo file extension. A ransom message extorts a payment for files recovery.
Distribution Method: Spam Emails, Email Attachments

.sambo Virus File – Update November 2019 – A Decrypter Is Available

There’s some very good news concerning the victims of Paradise ransomware – an official decrypter has been released.

The ransomware in its various iterations has been infecting users for more than two years. Not surprisingly, the new decrypter has been created by Emsisoft, and it can decrypt files encrypted by Paradise versions since 2017.

However, not all versions of the ransomware are decryptable. Here is the list of extensions that can be restored with the help of the Paradise ransomware decrypter:

  • .2ksys19
  • .p3rf0rm4
  • .prt
  • .exploit
  • .immortal
  • .Recognizer
  • .sambo
  • .paradise
  • .FC
  • .sev

As noted by Emsisoft:

The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. The two files must be at least 3KB in size each. Please do not change the file names of the original and encrypted files, as the decryptor may perform file name comparisons to determine the correct file extension used for encrypted files on your system.

If you have been infected by the .sambo version of the ransomware, you can download the Paradise decrypter and restore your .sambo files.
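
A read-only check for the file-pair requirement quoted above, added here as an example (it is not Emsisoft's or this site's code): it lists encrypted files carrying one of the listed extensions that also have an unencrypted backup copy, with both files at least 3KB. It assumes the original name is a prefix of the encrypted name and that 3KB means 3072 bytes; the function names and sample file names are made up for the illustration.

```python
import os
import tempfile

# Extensions the page lists as decryptable; matched case-insensitively (assumption).
DECRYPTABLE = tuple(e.lower() for e in (
    ".2ksys19", ".p3rf0rm4", ".prt", ".exploit", ".immortal",
    ".Recognizer", ".sambo", ".paradise", ".FC", ".sev"))
MIN_SIZE = 3 * 1024  # "at least 3KB", taken here as 3072 bytes (assumption)

def is_decryptable(name):
    """True if the file name ends with one of the listed extensions."""
    return name.lower().endswith(DECRYPTABLE)

def find_file_pairs(encrypted_dir, clean_dir):
    """Return (encrypted, original) paths usable as a file pair. Renames nothing."""
    originals = {}
    for root, _, files in os.walk(clean_dir):
        for f in files:
            originals.setdefault(f.lower(), os.path.join(root, f))
    pairs = []
    for root, _, files in os.walk(encrypted_dir):
        for f in sorted(files):
            if not is_decryptable(f):
                continue
            # Extensions are appended to the original name, so the original is
            # a prefix; take the longest so "a.docx..." is not paired with "a.doc".
            hits = [n for n in originals
                    if f.lower().startswith(n) and len(f) > len(n)]
            if not hits:
                continue
            enc, orig = os.path.join(root, f), originals[max(hits, key=len)]
            if min(os.path.getsize(enc), os.path.getsize(orig)) >= MIN_SIZE:
                pairs.append((enc, orig))
    return pairs

def demo():
    """Run on a constructed sample tree; returns the base names of each pair."""
    with tempfile.TemporaryDirectory() as d:
        enc_dir, bak_dir = os.path.join(d, "enc"), os.path.join(d, "bak")
        sample = {  # constructed file names and sizes, not real samples
            os.path.join(bak_dir, "report.docx"): 4096,
            os.path.join(bak_dir, "tiny.txt"): 100,
            os.path.join(enc_dir, "report.docx.PLACEHOLDER.sambo"): 4096,
            os.path.join(enc_dir, "tiny.txt.PLACEHOLDER.sambo"): 100,   # under 3KB
            os.path.join(enc_dir, "photo.jpg.PLACEHOLDER.STUB"): 4096,  # not listed
        }
        for path, size in sample.items():
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
        return [(os.path.basename(e), os.path.basename(o))
                for e, o in find_file_pairs(enc_dir, bak_dir)]
```

Point `find_file_pairs` at a copy of the encrypted data and at a known-clean backup; any pair it returns can be handed to the decrypter without renaming either file.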

.sambo Files Virus (Paradise Ransomware) – How Did I Get It and What Does It Do?

A ransomware called .sambo files virus has been spotted in the wild. According to analyses conducted by security experts it is based on the code of Paradise ransomware family. Actually, this is not the first Paradise ransomware strain detected. As reported by our team, some other recently detected Paradise iterations could be recognized by the extensions .exploit, .Recognizer and .STUB.

There are several spread techniques that are probably used for the distribution of .sambo ransomware. Malspam is considered to be the preferred one. It is realized via massive email spam campaigns whose messages attempt to trick you into activating the malicious code on your PC. To make you more prone to do this, hackers often misuse the names of well-known businesses and institutions. The malware is usually presented in the form of a file attachment or a link to a corrupted web page. Attached files could be presented as:

  • Invoices coming from reputable sites, like PayPal, eBay, etc.
  • Documents that appear to be sent from your bank.
  • An online order confirmation note.
  • Receipt for a purchase.
  • Others.

The moment you accidentally activate the payload file of the .sambo Paradise virus on your machine, it triggers a long sequence of malicious operations that plague essential system settings and enable the threat to reach the data encryption stage. For this stage, the so-called .sambo files virus uses a sophisticated cipher algorithm (RSA-1024). With the help of this algorithm, it transforms the code of target files and limits your access to the data they store. The following may be encrypted:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

A sure trait of an encrypted file is the strange sequence of extensions appended to its original name. Among these extensions there is a contact email address petrus34@p-security.li and the specific .sambo.

The ransomware also drops a ransom note message which is inside a file called Instructions with your files.txt. It attempts to blackmail you into paying a ransom fee in cryptocurrency to cyber criminals. Here is a copy of this message:

All your files have been encrypted contact us via the e-mail listed below.
e-mail: petrus34@p-security.li or e-mail: petrus34@p-security.li

Paradise Ransomware team.

However, you should NOT under any circumstances pay any ransom sum. Your files may not get restored, and nobody could guarantee that. Moreover, giving money to cybercriminals will likely motivate them to create more ransomware viruses or do other criminal activities.

Remove .sambo Files Virus (Paradise Ransomware) and Restore Data

The so-called .sambo files virus is a threat with highly complex code that heavily damages both essential system settings and valuable data. So the only way to use your infected system securely again is to remove all malicious files and objects created by the ransomware. For this purpose, you could follow our step-by-step removal guide.

In the event that you want to attempt to restore .sambo files with the help of alternative data recovery methods, do check step four – Try to Restore files encrypted by .sambo Files Virus. We remind you to back up all encrypted files to an external drive before the recovery process.

Gergana Ivanova

Gergana has completed a bachelor's degree in Marketing from the University of National and World Economy. She has been with the STF team for four years, researching malware and reporting on the latest infections.
