.DOCM Ransomware

Posted: April 26, 2019

The .DOCM Ransomware is a file-locking Trojan that's part of the Globe Imposter Ransomware family. Like other family members, it imitates some of the cosmetic traits of Globe Ransomware's kit but also blocks your files from opening and leaves behind ransoming messages. You should have backups for appropriate protection from its attacks, and always use a proper anti-malware program for removing the .DOCM Ransomware infections.

The Trojan that's Suggesting Where It's Coming From

The latest member of the Globe Imposter Ransomware copycat family may be giving out free clues about how it's compromising its victims in the first place. While much remains to be discovered about the .DOCM Ransomware, its choice of extension correlates blatantly with some of the most thoroughly-used infection strategies. Whether this choice is a false lead or not, malware researchers recognize the .DOCM Ransomware as a threat that's capable of locking files and holding them in that state indefinitely.

The .DOCM Ransomware automatically searches for media files, such as documents, and blocks them by encrypting the content with AES-256. Such an attack is typical of a range of file-locking Trojans, including both secure and non-secure ones, although malware experts classify the latest version of this family (as of the Globe Imposter 2.0 Ransomware) as being undecryptable. After blocking the files, the Trojan creates a ransoming message offering its unlocking help, delivered through HTA pop-ups or Notepad TXT files.

The .DOCM Ransomware's family includes far more members than it alone, although the others (see also: the 'callmegoat@protonmail.com' Ransomware, the '.STG File Extension' Ransomware, the ANAMI Ransomware, or the Healforyou Ransomware) don't use its kind of extension. The 'format' tag that it adds to the files is also significant because it corresponds to a preexisting string: one that matches Word documents with macro-based content. Malware researchers find this document format in use during drive-by-download attacks for installing file-locker Trojans of multiple families, which makes this choice an extreme coincidence if it is one.

Outing the Imposters that Inflict Not-So-Fake File Damage

The attacks of file-locking Trojans are capable of both barricading you from your digital media and removing the standard backups, such as the Restore Points, that most users resort to for recovering anything. Additional backups that you save to another device can provide the best, and extortion-free, way of recovering from the losses of the .DOCM Ransomware infections.

Unless you're using a highly-outdated version of Word, macro content is inactive by default. Victims are at risk from macro-based attacks only after they intentionally open the document and then enable the content. Other vulnerabilities don't require any consent, however, and you should always have an appropriate security program scan your new downloads for threats like embedded buffer overflow exploits.
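Because the Trojan's tag collides with the extension of genuine macro-enabled Word documents, a responder needs to tell the two apart. The sketch below is an added example, not code from the original article: it classifies a .docm file by inspecting its container, assuming that an encrypted file no longer parses as an OOXML (ZIP) package. The function names, file names and sample bytes are all constructed for illustration.

```python
import io
import zipfile
import zlib

# Main-part content type of a macro-enabled Word document in [Content_Types].xml.
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = ("application/vnd.openxmlformats-officedocument."
            "wordprocessingml.document.main+xml")


def classify_docm(data: bytes) -> str:
    """Classify the bytes of a file whose name ends in .docm."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = pkg.namelist()
            if "[Content_Types].xml" not in names:
                return "not-ooxml"      # a ZIP archive, but not an Office package
            types = pkg.read("[Content_Types].xml").decode("utf-8", "replace")
    except (zipfile.BadZipFile, zlib.error, RuntimeError):
        return "not-ooxml"              # unreadable container, e.g. encrypted data
    # A VBA project part or the macro-enabled content type marks live macro content.
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
    return "macro-enabled" if has_vba or MACRO_CT in types else "no-macros"


def build_package(main_ct: str, with_vba: bool) -> bytes:
    """Build a minimal, constructed OOXML-like package in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/word/document.xml" '
                   f'ContentType="{main_ct}"/></Types>')
        z.writestr("word/document.xml", "<document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"\x00")  # placeholder, not real VBA
    return buf.getvalue()


# Constructed samples: none of these are real documents or real malware output.
SAMPLES = {
    "invoice.docm": build_package(MACRO_CT, with_vba=True),
    "renamed.docm": build_package(PLAIN_CT, with_vba=False),
    "report.xlsx.docm": bytes(range(256)) * 8,  # stands in for encrypted content
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify_docm(blob)}")
```

A "macro-enabled" result calls for scanning before anyone opens the file, while "not-ooxml" on a file that used to be a normal document is consistent with the tagging behavior described above.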

The Globe Imposter Ransomware represents a not-negligible danger to your files but lacks any advanced protection from traditional anti-malware services. Any anti-malware program with an updated database should delete the .DOCM Ransomware on sight and without needing any extra help from users.

Whether it's true or not that the .DOCM Ransomware is using macros for installing itself, as well as tagging its digital captives, it's an appropriate choice of an extension. Anyone who reads a document and enables whatever features it asks for is just waiting for a program or criminal that takes advantage of such gullibility.