All Media File Encrypted As DOCM File

Recommended Posts

Hello @RockyS

If this has encrypted your files, then it is urgent to file a complaint with the administration of


Compare this information with yours. All the same as by you? 


Extension: .DOCM
Ransom note: Restore-My-Files.txt
Email: [email protected]

Tor URL: 

Text on alternative site:
If you want to buy a decryptor
send e-mail to [email protected]

This is in the Update June 3, 2019 in my article GlobeImposter Ransomware
Victims sent me samples. Test results: VT + VMR  - Perhaps they will help decryption specialists figure out something.

There is no free way and free tool to decrypt files. Alas.

Share this post

Link to post
Share on other sites


This is the text file after Encrypted------


All your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:


| 1. Download Tor browser - and install it.

| 2. Open link in TOR browser - http://decrmbgpvh6kvmti.onion/
| 3. Follow the instructions on this page 


Note! This link is available via "Tor Browser" only.

Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.

alternate address - http://helpinfh6vj47ift.onion/

###s6dlsnhtjwbhr###           5A DF BC E6 D2 B5 ED 48 B2 89 03 2E E7 47 5A 1B
EF 6B C1 B5 A3 E1 C6 DC B9 DA 92 29 57 89 5A CB
91 21 93 2D EA 02 9B FF E5 C4 FE 7B 43 97 C9 0D
04 11 A5 16 FC 88 A2 CD 27 20 4D 26 5F F9 80 61
0A DE 34 11 C4 49 12 8E 10 1C 81 75 05 1E 3E 81
E4 99 2E C5 F7 9A 38 01 B0 58 71 07 12 27 7F 4A
F7 C8 45 53 A0 BF 28 2F D4 2F FB 7D E3 85 36 A0
7C 0F 04 0D 3F B0 45 FA 6F 3F CB AB 4F 57 93 1D
C9 A2 37 A2 4C 12 46 E9 5A 63 50 15 CE EA 9D 11
4C 7F BB 7E D3 5F 1C BE A4 7E 0A A3 7E 7F AA 7E
8B 34 87 4A 6B 9E A7 8C A8 78 C4 7A 45 EF 77 49
FC 0F BC 77 41 CA A4 D4 09 E2 B2 83 3B ED 70 6C
C5 BF 38 75 41 F3 CC 86 3D 22 C7 F2 24 F2 FB A5
F2 BF A7 01 0F 45 11 AD 2D 1D 93 40 1F 5F CF D2
50 01 8E C2 37 14 C4 F6 98 8D 90 8F 20 20 B9 5B
48 8E 30 52 37 8C 41 D6 BB 89 07 FB BF 7A AD A7

Share this post

Link to post
Share on other sites
16 hours ago, Asim iqbal said:

When should we expect for Decrytper to .DOCM Ransomware...

There's no way to know when a decrypter will be available for GlobeImposter 2.0. It will more than likely require security software companies working in conjunction with law enforcement to gain access to the command and control servers operated by the criminals so that they can liberate the database of private keys, which can take time. As for how much time, that depends on how difficult it is to gain access to the servers operated by the criminals.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.