Threat Database Ransomware Sambo Ransomware

Sambo Ransomware

By GoldSparrow in Ransomware

The Sambo Ransomware is a file cryptor Trojan that is a new variant of the Paradise Ransomware. The Sambo Ransomware is dispersed via spam emails that include macro-enabled Microsoft Word documents. The harmful text files are designed to download and install the Sambo Ransomware Trojan on your PC as soon as you enable macros on the dropper component. It is a common practice among ransomware developers to use MS Word documents to install malware on remote computers as you only need a bit of social engineering in place. The emails associated with the Sambo Ransomware are likely to be presented as notifications from banking institutions and updates from online stores so that Web users are more likely to open the attached file. The Sambo Ransomware is programmed to apply a custom cipher to images, audio records, video, databases, text, spreadsheets, eBooks, presentations and PDFs. Data containers enciphered by the Trojan feature new names and are essentially new files. The Sambo Ransomware employs the following naming scheme '._[6 random chars]_[].sambo.' For example, 'Niagara Falls.jpeg' is renamed to something like 'Niagara Falls.jpeg_3N7uj9_[].sambo' and a ransom note named 'Instructions with your files.txt' is dropped to the desktop.

The Sambo Ransomware Trojan provides the following message:

'All your files have been encrypted contact us via the e-mail listed below.
e-mail: or e-mail:'

Computer security experts encourage users attacked by the Sambo Ransomware to avoid communication with the cybercriminals via '' and other email accounts. The ransomware actors might lie to the users, and you might lose your data and money on the same day. Threats like the Sambo Ransomware are ineffective as long as you have made backups recently and keep copies of your files on the cloud. It is recommended to boot data backups and clean infected machines with the help of a credible anti-malware tool.


Most Viewed