.DOCM Ransomware

.DOCM Ransomware Description

The .DOCM Ransomware is a malware that belongs to the Globe Imposter family of ransomware. Much like other ransomware, this one encrypts user files and appends them with a different name, specifically .DOCM in this case.

.DOCM Ransomware asks for a ransom once the job is done, creating a document called 'Restore-My-Files.txt' that warns the users about what happened, and also asking for ransom. It explains the ways the affected users can purchase a decryptor using the Tor browser.

The .DOCM Ransomware may invade a computer when the computer users click on corrupted email attachments contained in spam emails, which installs the .aescrypt Ransomware on their machines, visit compromised websites or open a corrupted advertisement. Once inside a computer, the .DOCM Ransomware will look for the files it intends to compromise. Then, it will apply a strong encryption method to these files and append the .DOCM extension to their names, which will make the affected files unreachable by the computer user. The .DOCM Ransomware also will collect information about the infected computer and its owner and will exhibit its ransom note in a file named Restore-My_Files.txt, which will appear on the computer users' desktop containing the following text:

'All your files are Encrypted!
For data recovery needs decryptor.
How to buy a decryptor:
------------------------------------------------------------------------------------------------------------------------
1. Download Tor browser – https://www.torproject.org/ and install it.
2. Open link in TOR browser – http://alcx6zctcmhan3kx.onion/
3. Follow the instructions on this page

Note! This link is available via "Tor Browser" only.

Free decryption as guarantee.
Before paying you can send us 2 files for free decryption.
------------------------------------------------------------------------------------------------------------------------

alternative address – http://dtutgqjuzv7sktgl.onion/

.DOCM'

The .DOCM ransomware also gives an offer to affected users that claims sending a file for free decryption will show they can decrypt the files and that they can be trusted to keep their word. Users are advised to avoid doing that, since in nearly all cases the promises are fake. Once payment is made, most of the criminals behind ransomware threats of this kind don't feel any need to keep any promises made, as they already have the victim's money.

.DOCM ransomware and similar threats may also relate to injection of malware, deletion of Shadow Volume Copies, planting malicious executables and more. The infections may also run other processes in the background, avoiding detection by security suites in some cases. Users are advised to back up their sensitive useful data on external devices to avoid issues like these, since creation of a free decryption tool usually takes time that they may not afford.

The criminals behind the .DOCM Ransomware do not say how much money they want to receive as a ransom. However, no matter what they want, it is not safe to send them money or contact them. Criminals are not trustable people, and even if they have the software you need to decrypt your files once they get the money, they can simply disappear letting you without the money and with your data useless. The simplest and safest solution when infected by the .DOCM Ransomware or similar threat is to use file backups to recover your data.

Do You Suspect Your PC May Be Infected with .DOCM Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like .DOCM Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

One Comment

  • Ahmed Mohsen:

    Dear all
    I am Ahmed From Egypt and I got attacked by two different types of ransom ware with the extension .DOCM and .Moka , firstly I got attacked by .Docm and it encrypt about 750 G.B either my external Hard drive this is because I neglect and disregard to renew my antivirus protection and didn’t renew the license also that I am using p2p software such as emule which held the cyber criminals to attack my Laptop easily with the opened UDP & TCP port , then I got hit by .Moka later so some files now with the two extension .Docm.Moka . I am Asking for help to restore my files or Decrpyt it if there is any possibility .
    With Regards

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.