Ransomware is undoubtedly one of the worst cyber-threats to encounter – its ability to encrypt a large portion of the files found on its victim’s hard drive means that recovering from its attack will be a very challenging task. One new file-encryption Trojan that malware researchers came across was given the name Sambo Ransomware, and it has already found at least one victim in Iran, but there are likely to be other unreported cases too. A closer inspection of the Sambo Ransomware’s behavior and code revealed that it is based on the Paradise Ransomware project, an infamous file-locker family that was first seen in 2017.
Just like the original Paradise file-locker, the Sambo Ransomware is able to encrypt a rich list of file formats – documents, spreadsheets, archives, images, databases, videos, etc. It skips specific file formats and system folders so that the user can keep using their computer. The Sambo Ransomware marks every locked file by appending the ‘.sambo’ extension to its name. The attack finishes by dropping the ransom message ‘Instructions with your files.txt,’ which provides the victim with the contact details that can be used to reach the perpetrators – [email protected] or e-mail: [email protected]
The only surefire way to restore all the files locked by the Sambo Ransomware is to recover them from a recent backup – if you do not have a backup copy of your important files, then you should know that the chances of getting your files back are minimal. The attackers claim to possess a decryption tool, but they may ask you to pay hundreds of dollars for it – naturally, you should not agree to fund the fraudulent campaigns of cybercriminals, especially when there is a great chance that they will simply take your money.
If you are dealing with the Sambo Ransomware’s attack, then we advise you to avoid contacting the attackers. Instead, run a popular anti-virus scanner that can remove all corrupted files immediately. Once this is done, you can attempt to get your files back by using data recovery tools. Even if you do not get all your files back to normal, preserve the encrypted versions in case a decryptor becomes available.
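The two artifacts the page describes, the ‘.sambo’ extension and the ‘Instructions with your files.txt’ note, are enough for a first triage pass, and the advice above to preserve the encrypted copies calls for an inventory before any cleanup runs. The script below is an added example written for this page; it is not code from the original article or from any vendor tool. It only takes the extension and note filename from the text: the directory layout, the sample files and the preservation folder are constructed here for the demonstration, and the contact address in the sample note is a placeholder. It walks a tree without modifying it, lists encrypted files and ransom notes, recovers the pre-attack filenames for the inventory, and copies the ciphertext (with timestamps) into a separate vault so it survives removal and later recovery attempts.

```python
"""Triage helper for a Sambo Ransomware incident (added example, not from the original page).

Assumptions not stated by the page: the victim directory layout and sample files
below are constructed; only the '.sambo' extension and the ransom note filename
come from the text.
"""
from __future__ import annotations

import os
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

ENCRYPTED_SUFFIX = ".sambo"                            # extension appended by the Trojan (from the page)
RANSOM_NOTE_NAME = "Instructions with your files.txt"  # note dropped after encryption (from the page)


@dataclass
class TriageReport:
    encrypted: list[Path] = field(default_factory=list)
    ransom_notes: list[Path] = field(default_factory=list)
    original_names: dict[Path, str] = field(default_factory=dict)


def triage(root: Path) -> TriageReport:
    """Walk `root` and inventory encrypted files and ransom notes; nothing is modified."""
    report = TriageReport()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name == RANSOM_NOTE_NAME:
                report.ransom_notes.append(path)
            elif name.endswith(ENCRYPTED_SUFFIX):
                report.encrypted.append(path)
                # Strip the marker to record the pre-attack filename in the inventory.
                report.original_names[path] = name[: -len(ENCRYPTED_SUFFIX)]
    return report


def preserve_encrypted(report: TriageReport, root: Path, vault: Path) -> int:
    """Copy every encrypted file into `vault`, keeping its relative path, so the
    ciphertext survives cleanup and is still there if a decryptor appears. Returns the count."""
    copied = 0
    for src in report.encrypted:
        dst = vault / src.relative_to(root)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps timestamps, which help build the incident timeline
        copied += 1
    return copied


def build_sample_tree(base: Path) -> None:
    """Constructed sample: a small tree resembling a user profile after the attack."""
    (base / "Documents").mkdir(parents=True)
    (base / "Documents" / "report.docx.sambo").write_bytes(b"\x00ciphertext")
    (base / "Documents" / "budget.xlsx.sambo").write_bytes(b"\x00ciphertext")
    (base / "Documents" / RANSOM_NOTE_NAME).write_text("contact: [placeholder e-mail]")
    (base / "Pictures").mkdir()
    (base / "Pictures" / "holiday.jpg.sambo").write_bytes(b"\x00ciphertext")
    (base / "Pictures" / RANSOM_NOTE_NAME).write_text("contact: [placeholder e-mail]")
    (base / "Windows").mkdir()
    (base / "Windows" / "notepad.exe").write_bytes(b"MZ")  # system file left alone, as the page notes


def run_demo() -> dict:
    """Build the sample tree in a temp dir, triage it, preserve the ciphertext; return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "victim"
        vault = Path(tmp) / "preserved"
        build_sample_tree(root)
        report = triage(root)
        copied = preserve_encrypted(report, root, vault)
        return {
            "encrypted": len(report.encrypted),
            "notes": len(report.ransom_notes),
            "copied": copied,
            "originals": sorted(report.original_names.values()),
            "vault_ok": all((vault / p.relative_to(root)).exists() for p in report.encrypted),
        }


if __name__ == "__main__":
    print(run_demo())
```

Run `triage()` against the real profile first and review the counts; `preserve_encrypted()` should point at a vault on a separate drive or share, and only then should the anti-virus cleanup and any data recovery tools be run against the original location.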