Bright K

.DOCM ransomware infected my laptop


All files on my PC all of a sudden just changed extension to .DOCM and can't be opened.

I understand it's a ransomware thing and the files have been encrypted by the malware.

Please help.

Below is the content of the ransom file:


All your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:

----------------------------------------------------------------------------------------

| 1. Download Tor browser - https://www.torproject.org/ and install it.

| 2. Open link in TOR browser - http://decrmbgpvh6kvmti.onion/
               
| 3. Follow the instructions on this page 

----------------------------------------------------------------------------------------

Note! This link is available via "Tor Browser" only.

------------------------------------------------------------
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
------------------------------------------------------------

alternate address - http://helpinfh6vj47ift.onion/


DO NOT CHANGE DATA BELOW


To identify this Ransomware you can use the service ID Ransomware.
It will give you a link to the support topic on the BleepingComputer forum.

This may be GlobeImposter-2 Ransomware, but it may be different. There are now imitators of it. But, unfortunately, there are no free ways to decrypt files after GlobeImposter-2.


Imitators can also fool the service ID Ransomware, so regardless of the results that you get on the site ID Ransomware, do the following...

I need to see the original ransom note html-file. Please archive it without a password and attach it to your message. Do not attach it to the message without the archive, otherwise the file will be changed.

Also place in another archive and attach several encrypted files to the message (jpg, png, doc, txt).

If their size is larger than the allowed attachment, then upload this archive to www.sendspace.com and give us a link to download.


To archive (aka. ZIP) a file, simply right-click on it, go to Send to, and select Compressed (zipped) folder. Alternately you can use 7-Zip, WinRar, WinZip, or any other archive manager you prefer. We can open most popular archive formats (7z, RAR, ZIP, etc).

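The packaging step requested in the posts above (ransom note in one archive, a few encrypted samples in another, neither with a password), as an added example that is not part of the original posts. It assumes the `.DOCM` extension and the `Restore-My-Files.txt` note name reported in this thread; the function names, output file names and the SHA-256 manifest are choices made for this example.

```python
import hashlib
import zipfile
from pathlib import Path

# Values reported in this thread; all other names here are assumptions of this example.
ENC_EXT = ".docm"                      # extension appended to encrypted files
NOTE_NAME = "restore-my-files.txt"     # ransom note name, compared case-insensitively
WANTED = ("jpg", "png", "doc", "txt")  # original file types the helper asked for


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def pick_samples(root, per_type=2):
    """Return up to per_type encrypted files for each wanted original type."""
    chosen, counts = [], dict.fromkeys(WANTED, 0)
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or p.suffix.lower() != ENC_EXT:
            continue
        original = Path(p.stem).suffix.lower().lstrip(".")  # photo.jpg.DOCM -> jpg
        if original in counts and counts[original] < per_type:
            counts[original] += 1
            chosen.append(p)
    return chosen


def make_archive(files, zip_path):
    """Zip files without a password; return {archive name: SHA-256 of the source file}."""
    manifest = {}
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for i, f in enumerate(files):
            arcname = f"{i:02d}_{f.name}"  # prefix avoids clashes between folders
            zf.write(f, arcname)
            manifest[arcname] = sha256(f)
    return manifest


def collect(root, out_dir, per_type=2):
    """Write note.zip and samples.zip into out_dir and return both manifests."""
    root, out_dir = Path(root), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    notes = sorted(p for p in root.rglob("*")
                   if p.is_file() and p.name.lower() == NOTE_NAME)[:1]
    return {
        "note": make_archive(notes, out_dir / "note.zip"),
        "samples": make_archive(pick_samples(root, per_type), out_dir / "samples.zip"),
    }
```

The returned hashes let the person receiving the archives confirm that the note and samples arrived unchanged.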

Two days ago, the same thing happened to me. I followed their instructions and ended up negotiating about the amount of money for decrypting. 400$ is a huge amount in Bosnia and the biggest trouble is the locked pictures of my daughter 😞. What do you suggest to do? Thankful in advance.


@MitarX

To identify this Ransomware you can use the service ID Ransomware.
It will give you a link to the support topic on the BleepingComputer forum.

This may be GlobeImposter-2 Ransomware, but it may be different. There are now imitators of it. But, unfortunately, there are no free ways to decrypt files after GlobeImposter-2.

I need to see the original ransom note html-file. Please archive it without a password and attach it to your message. Do not attach it to the message without the archive, otherwise the file will be changed.

If the ransom note file is in the TXT-format, you can simply attach it to the message without archiving.

Also place in another archive and attach several encrypted files to the message (jpg, png, doc, txt).

If their size is larger than the allowed attachment, then upload this archive to www.sendspace.com and give us a link to download.


DCOM ransomware attacked my wife's laptop. Content of Desktop/Documents/Pictures/Music folders was all infected. Each folder has its own ransomfile in text format.

Please help me recover the documents and pictures files.

I tried the ID Ransomware by uploading one of the infected or encrypted files and the result is GlobeImposter-2 Ransomware.

2 hours ago, MitarX said:

What do you suggest to do?

If it's GlobeImposter 2.0, then free decryption may not be possible, however I also do not recommend contacting the criminals yourself or paying them yourself. If you absolutely feel you have to pay to get your files back, then have a third-party that has experience negotiating with such criminals contact them for you. There are a few companies that are up-front about the fact that they do this, however CoveWare is the only one I can remember off the top of my head.

1 hour ago, perry65 said:

Please help me recover the documents and pictures files.

Please see the reply I posted for MitarX, as the same will apply for anyone with files encrypted by GlobeImposter 2.0.

7 hours ago, GT500 said:

If it's GlobeImposter 2.0, then free decryption may not be possible, however I also do not recommend contacting the criminals yourself or paying them yourself. If you absolutely feel you have to pay to get your files back, then have a third-party that has experience negotiating with such criminals contact them for you. There are a few companies that are up-front about the fact that they do this, however CoveWare is the only one I can remember off the top of my head.

Thanks for the advice.

On 6/8/2019 at 12:24 AM, MitarX said:

Two days ago, the same thing happened to me. I followed their instructions and ended up negotiating about the amount of money for decrypting. 400$ is a huge amount in Bosnia and the biggest trouble is the locked pictures of my daughter 😞. What do you suggest to do? Thankful in advance.

Can you share that software with me? I need it too, I have the same problem.

On 6/8/2019 at 12:30 AM, Amigo-A said:

@MitarX

To identify this Ransomware you can use the service ID Ransomware.
It will give you a link to the support topic on the BleepingComputer forum.

This may be GlobeImposter-2 Ransomware, but it may be different. There are now imitators of it. But, unfortunately, there are no free ways to decrypt files after GlobeImposter-2.

I need to see the original ransom note html-file. Please archive it without a password and attach it to your message. Do not attach it to the message without the archive, otherwise the file will be changed.

If the ransom note file is in the TXT-format, you can simply attach it to the message without archiving.

Also place in another archive and attach several encrypted files to the message (jpg, png, doc, txt).

If their size is larger than the allowed attachment, then upload this archive to www.sendspace.com and give us a link to download.

DCOM ransomware attack on my pc today :(

 

Restore-My-Files.txt 0a8f03d6-ee7d-467a-82c9-cf09a2ff140d.JPG.DOCM 92Y58PIC5NZ (1).jpg.DOCM 92Y58PIC5NZ.jpg.DOCM 44161760_732319223773497_4271328861154705408_n.jpg.DOCM 44389101_10156935510951694_4108470259705446400_n.jpg.DOCM 49596106_743108476074464_8214559458261467136_n.jpg.DOCM download (1).jpg.DOCM download.jpg.DOCM

4 hours ago, khan1 said:

Can you share that software with me? I need it too, I have the same problem.

If you feel that you have to pay to get your files back, then I recommend having a third-party with experience negotiating with criminals like this contact them for you. There are a number of companies that are honest about the fact that they do this, however CoveWare is the only one I can remember off the top of my head.


khan1

This is what is in the updates in my article GlobeImposter Ransomware.
I found several similar variants here and in another forum.
Victims also sent me samples. Test results: VT + VMR

Perhaps they will help decryption specialists figure out something.

Update June 3, 2019:
Extension: .DOCM
R/n: Restore-My-Files.txt
Email: [email protected]

Tor URL: 
xxxx://decrmbgpvh6kvmti.onion/
xxxx://helpinfh6vj47ift.onion/

Text on alternative site:
If you want to buy a decryptor
send e-mail to [email protected]

There is no free way and no free file decryption tool. Alas.


Hi

I have the same problem and didn't get an understanding of what the way to solve this issue is.

Thanks 

21 hours ago, Skyp said:

I have the same problem and didn't get an understanding of what the way to solve this issue is.

There is no free way and no free file decryption tool. Alas.

23 hours ago, Skyp said:

I have the same problem and didn't get an understanding of what the way to solve this issue is.

That's because there's currently no way of decrypting your files without paying the ransom, which of course no one recommends doing.

Note that it is also highly recommended that you never try to contact the criminals yourself. Use a third-party to negotiate with the criminals for you if needed, but never try to do it yourself. There are a few companies out there that can do this for you, however the only one I can remember is CoveWare.

12 hours ago, GT500 said:

That's because there's currently no way of decrypting your files without paying the ransom, which of course no one recommends doing.

Note that it is also highly recommended that you never try to contact the criminals yourself. Use a third-party to negotiate with the criminals for you if needed, but never try to do it yourself. There are a few companies out there that can do this for you, however the only one I can remember is CoveWare.

Thanks

18 hours ago, Amigo-A said:

There is no free way and no free file decryption tool. Alas.

OK, thanks. What is not a free way? Except contact with ransom


Yes, there is only the paid way, which the extortionists provide. But extortionists cannot be trusted: they can disappear with the money, they can make a mistake and provide a broken decryptor, or their server can be turned off. There are too many ways that the money could be wasted.

9 hours ago, Skyp said:

What is not a free way?

Due to the fact that no one has been able to come up with a way of decrypting files in a reasonable amount of time without having access to the database of private keys, and since the criminals are keeping the private keys securely stored on their servers and no one else has access to them that means no one can make a free decryption tool.

17 hours ago, GT500 said:

Due to the fact that no one has been able to come up with a way of decrypting files in a reasonable amount of time without having access to the database of private keys, and since the criminals are keeping the private keys securely stored on their servers and no one else has access to them that means no one can make a free decryption tool.

Strange ... I do not deny the fact that any work should be paid and would be willing to pay reasonable money, not such as the blackmailers extort, especially since there are no guarantees, so I would be ready to pay money for a working method of decrypting the files back. I initially did not say that I am looking for freebies.

On 6/23/2019 at 1:46 PM, Skyp said:

I would be ready to pay money for a working method of decrypting the files back.

All of our decrypters are free. We don't have paid ransomware recovery services. If there was a way to decrypt the files in a reasonable amount of time, then we'd release a decrypter for free, that way everyone could benefit from it.

