.DOCM Ransomware — How to Remove It

.DOCM Ransomware Virus File — How to Remove It

.DOCM Ransomware virus remove

.DOCM ransomware is the newest virus that is descendant from the Globe Imposter family of threats. At the moment there is no information about the criminal collective which gives us the impression that the most popular hacking strategies are to be used. This includes the coordination of email phishing emails which are modeled after the notifications that have been sent in by well-known companies and services. A similar strategy is the creation of malicious web sites which are made to pose as well-known and safe web portals, search engines and landing pages. To make them appear as safe and legitimate sites they can be hosted on domains that sound familiar to the end users. Some of them may also include stolen or self-signed certificates.

Threat Summary

Name.DOCM Ransomware
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer machine and demands a ransom to be paid to allegedly restore them.
SymptomsThe ransomware will blackmail the victims to pay them a decryption fee. Sensitive user data may be encrypted by the ransomware code.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .DOCM Ransomware


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .DOCM Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

The infections can also be caused through the insertion of the necessary code in various payload carriers, the two most popular ones are the following:

  • Software Installers — The hackers can embed the necessary code into the setup files of popular software: system utilities, productivity apps and even computer games.
  • Malware Documents — They can be of any of the popular file formats: rich text documents, presentations, databases and spread sheets. As soon as they are opened a prompt will appear asking them the victim users to enable the interactive content. If this is done the virus infection will begin.

Larger infections can be caused by the use of browser hijackers which represent dangerous web browser plugins which are made compatible with the most popular software and spread to their repositories. Commonly fake user reviews and developer credentials are used in order to make the samples look more real. Whenever they are installed the dangerous code will be deployed.

As soon as the .DOCM ransomware is installed on a given computer it will launch its built-in sequence of dangerous components. A standard routine is to start with a data harvesting which can retrieve sensitive information both about the users and the machines. The collected information can be used to generate an unique ID that can be assigned to each individual computer. On the other hand any personal information that is acquired can lead to crimes such as financial abuse and identify theft.

The collected data can then be used to scan the file system for any security applications which can be bypassed — usually this includes all kinds of anti-virus engines, firewalls, sandbox environments and virtual machine hosts.

At this point all kinds of malicious actions can follow:

  • Persistent Installation — The virus engine can reprogram the operating system in order to launch itself every time the computer is booted. This is referred to as a persistent installation. It can also block access to certain recovery menus and options which can render most manual user removal instructions non-working.
  • Windows Registry Changes — They can modify both values belonging to the operating system and third-party applications. As such the users may experience serious data loss, problems with accessing certain functions and errors.
  • Additional Malware Delivery — Globe Imposter infections like the .DOCM ransomware can be used to install all kinds of other viruses to the computers. The list includes all manners of Trojans, miners and redirects. In addition this can be coupled with removal of sensitive files such as backups and shadow volume copies.

When all components have finished running the actual encryption phase will start. Using a strong target user data will be processed and made non-accessible for the users. Usually the most common file types will be affected: images, music, videos, databases, archives and databases. When this step is completed the encrypted files will be renamed with the associated .DOCM extension. The ransomware note which is designed in order to coerce the victims into paying the hackers a decryption fee is called Restore-My-Files.txt in this release.

.DOCM Ransomware – What Does It Do?

.DOCM Ransomware could spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet. .DOCM Ransomware might also distribute its payload file on social media and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Read the tips for ransomware prevention from our forum.

.DOCM Ransomware is a cryptovirus that encrypts your files and shows a window with instructions on your computer screen. The extortionists want you to pay a ransom for the alleged restoration of your files. The main engine could make entries in the Windows Registry to achieve persistence, and interfere with processes in Windows.

The .DOCM Ransomware is a crypto virus programmed to encrypt user data. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.

You should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that.

The .DOCM Ransomware cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.

Remove .DOCM Ransomware

If your computer system got infected with the .DOCM Files ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share