Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Mar 2019

How to remove Drume ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Ugnius Kiguolis · The mastermind

Drume ransomware is the cryptovirus that demands payment for encrypted files in the ransom note called _open_.txt

Drume ransomware

Drume ransomware – a virus that hails from the same ransomware family which releases a handful of versions in one week of March 2019. This is one of the newest versions of the Djvu ransomware virus that came to the wild only slightly altered. Probably the only difference from other previous versions besides the .drume file extension is the ransom note file name, but not the text or contact information. Drume ransomware virus encrypts users' files and delivers _open_.txt file with the information about ransom amount of $980. As before, there is an opportunity to get a 50% discount if you contact cybercriminals in less than 72 hours. However, paying the ransom is not an option, and you should remove this threat and clean the device instead. You may lose your money or files if you try to contact virus developers. Remember that this virus also belongs to a STOP ransomware family.

Name Drume ransomware
Type Cryptovirus
Related Djvu ransomware
Ransomware family STOP ransomware
File extension .drume
Ransom note _open_.txt
Ransom amount $980
Contact email blower@firemail.cc; blower@india.cc
Removal tips Employ the reputable anti-malware program and remove Drume ransomware. Clean the virus damage using FortectIntego

Unfortunately, Drume ransomware virus hails from a whole cryptovirus family called STOP ransomware that first was spotted in December 2017. However, the primary version of this threat is Djvu ransomware that has been especially active for the past month because researchers discovered at least fifteen variants already. 

Drume ransomware is not very changed when compared to previous versions because the text in the ransom note is identical to previously discovered ransomware and the amount of ransom, including the half off discount, is one of the unifying features. [1]

As per usual Drume ransomware comes to the world with a different file maker, so when users' photos, documents or databases get encoded .drume appears at the end of each file. Immediately after the encryption ransom message appears in every folder of the computer. The note reads the following:

ATTENTION!
Don’t worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don’t try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.
=======================================================
To get this software you need write on our e-mail:
blower@india.com

Reserve e-mail address to contact us:
blower@firemail.cc

Your personal ID:
================================================

You should never trust people behind cyber threats like Drume ransomware because those people are criminals and all they want is to trick you into paying the demanded amount. Unfortunately, there is little possibility that paying could work as an option to get your files back. In most cases, developers disappear after that money transfer.[2] 

The main focus of cyber threats like Drume ransomware is to get users' money by encrypting their files and demanding to pay for the recovery. Unfortunately, criminals cannot guarantee that you will get your files after the payment. The best solution for those locked files is data backups or file restoring software.

However, you should first focus on Drume ransomware removal and then attempt data recovery. It is especially crucial because cryptovirus can encrypt restored files and this way you lose your data and money. 

Drume ransomware virus

As many other cybersecurity experts[3] we recommend using reputable tools like FortectIntego and eliminating the virus first. When you remove Drume ransomware this way, all related files and programs can be deleted. Also, professional anti-malware programs that we suggest to use for this job can fix additional changes on the system made by the virus itself.

In most cases, crypto malware like Drume ransomware are designed to delete Shadow Volume Copies or disable some security functions, add new registry keys to block you from accessing specific pages like our website. For this reason, virus termination becomes difficult. Rebooting the machine in Safe Mode can help with this issue.

Malicious email attachments pose as important documents

Computers can get compromised and infected by various malware including the ransomware when users are not paying enough attention to the content they get exposed to. The goal of a cryptovirus is to infect the machine without users' permission or knowledge and launch malicious script. 

The goal is achieved with infected email attachments that contain documents posing as invoices, receipts or reports from services and companies. Once the attached file is downloaded and opened on the machine, the system gets infected with ransomware delivering malware or the malicious cryptovirus directly.

You can also get this virus by launching payload dropper via Windows crack files, patches or license activators. Also, virus infection may be hidden in software setup files, key generators or program files. You should delete suspicious emails from the box as soon as you get them and always choose reputable sources for your software.

Get rid of Drume ransomware and clean the system before data recovery

To remove Drume ransomware from the machine completely, you need to take actions as soon as possible, so that the virus is not going to alter too much on the machine. If the ransomware has enough time, it may disable your antivirus program or launch additional scripts to make the elimination difficult.

For the Drume ransomware removal as for any other cryptovirus that works similarly, we recommend getting a professional anti-malware program. A full system scan performed by the malware-fighting tool can improve the performance of PC and terminate possible threats.

Eliminate Drume ransomware and clean the damage at the same time. You can rely on FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes for the system cleaning. However, remember that databases on these tools may vary and you may need to try a few of them to delete this threat once and for all.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.