Short bio

Ransom.Samas is Malwarebytes’ detection name for a family of ransomware applications also known as SamSam ransomware.


Affected systems may display ransome notes similar to this one, after all the files have been encrypted.

SamSam ransom

Ransom.Samas ransom note

Type and source of infection

Ransom.Samas in general encrypts your files, then forces you to pay a ransom to get them back. The threat actors have been known to target cities and hospitals among others.
Ransom.Samas knows several variants, but most of them are spread by brute-forcing RDP endpoints.


Malwarebytes protects users from Ransom.Samas by using real-time protection.

SamSam detection

Malwarebytes blocks Ransom.Samas


Malwarebytes can detect and remove Ransom.Samas without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that All Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

Take note, however, that removing this ransomware does not decrypt your files. You can only get your files back from backups you made before the infection happened.

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language