.DOCM Ransomware

By GoldSparrow in Ransomware

The .DOCM Ransomware is malware that belongs to the Globe Imposter family of ransomware. Much like other ransomware, it encrypts user files and appends a new extension to their names, specifically .DOCM in this case.

Once the encryption is done, the .DOCM Ransomware creates a document called 'Restore-My-Files.txt' that tells the users what happened and demands a ransom. It explains how the affected users can purchase a decryptor using the Tor browser.

The .DOCM Ransomware may invade a computer when the computer users click on corrupted email attachments contained in spam emails, which installs the .aescrypt Ransomware on their machines, visit compromised websites or open a corrupted advertisement. Once inside a computer, the .DOCM Ransomware will look for the files it intends to compromise. Then, it will apply a strong encryption method to these files and append the .DOCM extension to their names, which will make the affected files inaccessible to the computer user. The .DOCM Ransomware will also collect information about the infected computer and its owner and will display its ransom note in a file named Restore-My_Files.txt, which will appear on the computer users' desktop containing the following text:

'All your files are Encrypted!
For data recovery needs decryptor.
How to buy a decryptor:
------------------------------------------------------------------------------------------------------------------------
1. Download Tor browser – https://www.torproject.org/ and install it.
2. Open link in TOR browser – http://alcx6zctcmhan3kx.onion/
3. Follow the instructions on this page

Note! This link is available via "Tor Browser" only.

Free decryption as guarantee.
Before paying you can send us 2 files for free decryption.
------------------------------------------------------------------------------------------------------------------------

alternative address – http://dtutgqjuzv7sktgl.onion/

.DOCM'

The .DOCM Ransomware also makes an offer to affected users, claiming that sending a file for free decryption will show that the operators can decrypt the files and can be trusted to keep their word. Users are advised to avoid doing that, since in nearly all cases the promises are fake. Once payment is made, most of the criminals behind ransomware threats of this kind feel no need to keep any promises they made, as they already have the victim's money.

The .DOCM Ransomware and similar threats may also involve injecting malware, deleting Shadow Volume Copies, planting malicious executables and more. The infections may also run other processes in the background, avoiding detection by security suites in some cases. Users are advised to back up their sensitive and useful data on external devices to avoid issues like these, since the creation of a free decryption tool usually takes time that they may not be able to afford.

The criminals behind the .DOCM Ransomware do not say how much money they want to receive as a ransom. However, no matter what they want, it is not safe to send them money or contact them. Criminals are not trustworthy people, and even if they have the software you need to decrypt your files, once they get the money they can simply disappear, leaving you without the money and with your data useless. The simplest and safest solution when infected by the .DOCM Ransomware or a similar threat is to use file backups to recover your data.
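Because .docm is also the legitimate extension for macro-enabled Word documents, a triage scan cannot flag every such file. The following Python sketch is an added example, not code from this article or from any vendor tool: it flags the ransom note by its file name plus the onion addresses quoted above, and flags .DOCM files whose first bytes are not the ZIP signature that a real Word document carries. The function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators below come from the article; all other names are assumptions.
NOTE_NAMES = {"restore-my-files.txt", "restore-my_files.txt"}
NOTE_MARKERS = ("alcx6zctcmhan3kx.onion", "dtutgqjuzv7sktgl.onion")
ZIP_MAGIC = b"PK\x03\x04"  # a genuine Word .docm is a ZIP container

def classify(path):
    """Return 'ransom_note', 'likely_encrypted' or None for a single file."""
    name = os.path.basename(path).lower()
    try:
        with open(path, "rb") as fh:
            head = fh.read(8192)
    except OSError:
        return None  # unreadable files are skipped, not guessed at
    if name in NOTE_NAMES and any(m.encode() in head for m in NOTE_MARKERS):
        return "ransom_note"
    # Renamed by the ransomware: ends in .DOCM but is not a ZIP/OOXML file.
    if name.endswith(".docm") and head and not head.startswith(ZIP_MAGIC):
        return "likely_encrypted"
    return None

def scan(root):
    """Walk root and group relative paths by finding."""
    findings = {"ransom_note": [], "likely_encrypted": []}
    for folder, _dirs, files in os.walk(root):
        for full in (os.path.join(folder, f) for f in files):
            verdict = classify(full)
            if verdict:
                findings[verdict].append(os.path.relpath(full, root))
    return {k: sorted(v) for k, v in findings.items()}

def build_sample_tree(root):
    """Constructed sample data: harmless files that mimic the naming only."""
    samples = {
        "report.xlsx.DOCM": bytes(range(7, 71)),             # not a ZIP
        "macro_template.docm": ZIP_MAGIC + b"\x14\x00" * 8,  # real .docm shape
        "Restore-My-Files.txt": b"Open link - http://alcx6zctcmhan3kx.onion/",
        "todo.txt": b"buy milk",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

A hit from this scan is a reason to isolate the machine and check backups; it does not recover any data.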

1 Comment

Dear all,
I am Ahmed from Egypt, and I got attacked by two different types of ransomware with the extensions .DOCM and .Moka. First I got attacked by .Docm, and it encrypted about 750 GB, also on my external hard drive. This is because I neglected and disregarded renewing my antivirus protection and didn't renew the license, and also because I am using P2P software such as eMule, which helped the cyber criminals attack my laptop easily through the open UDP and TCP ports. Then I got hit by .Moka later, so some files now have the two extensions .Docm.Moka. I am asking for help to restore my files or decrypt them, if there is any possibility.
With regards
