Severity scale:  

Remove Drume ransomware (Decryption Steps Included) - Free Guide

removal by Ugnius Kiguolis - - | Type: Ransomware

Drume ransomware is the cryptovirus that demands payment for encrypted files in the ransom note called _open_.txt

Drume ransomware

Drume ransomware – a virus that hails from the same ransomware family which releases a handful of versions in one week of March 2019. This is one of the newest versions of the Djvu ransomware virus that came to the wild only slightly altered. Probably the only difference from other previous versions besides the .drume file extension is the ransom note file name, but not the text or contact information. Drume ransomware virus encrypts users' files and delivers _open_.txt file with the information about ransom amount of $980. As before, there is an opportunity to get a 50% discount if you contact cybercriminals in less than 72 hours. However, paying the ransom is not an option, and you should remove this threat and clean the device instead. You may lose your money or files if you try to contact virus developers. Remember that this virus also belongs to a STOP ransomware family.

Name Drume ransomware
Type Cryptovirus
Related Djvu ransomware
Ransomware family STOP ransomware
File extension .drume
Ransom note _open_.txt
Ransom amount $980
Contact email;
Removal tips Employ the reputable anti-malware program and remove Drume ransomware. Clean the virus damage using Reimage Reimage Cleaner Intego

Unfortunately, Drume ransomware virus hails from a whole cryptovirus family called STOP ransomware that first was spotted in December 2017. However, the primary version of this threat is Djvu ransomware that has been especially active for the past month because researchers discovered at least fifteen variants already. 

Drume ransomware is not very changed when compared to previous versions because the text in the ransom note is identical to previously discovered ransomware and the amount of ransom, including the half off discount, is one of the unifying features. [1]

As per usual Drume ransomware comes to the world with a different file maker, so when users' photos, documents or databases get encoded .drume appears at the end of each file. Immediately after the encryption ransom message appears in every folder of the computer. The note reads the following:

Don’t worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don’t try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.
To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

You should never trust people behind cyber threats like Drume ransomware because those people are criminals and all they want is to trick you into paying the demanded amount. Unfortunately, there is little possibility that paying could work as an option to get your files back. In most cases, developers disappear after that money transfer.[2] 

The main focus of cyber threats like Drume ransomware is to get users' money by encrypting their files and demanding to pay for the recovery. Unfortunately, criminals cannot guarantee that you will get your files after the payment. The best solution for those locked files is data backups or file restoring software.

However, you should first focus on Drume ransomware removal and then attempt data recovery. It is especially crucial because cryptovirus can encrypt restored files and this way you lose your data and money. 

Drume ransomware virusDrume ransomware is a cryptovirus that offers to lower the amount of ransom by half if you contact them in less than 72 hours after the encryption.

As many other cybersecurity experts[3] we recommend using reputable tools like Reimage Reimage Cleaner Intego and eliminating the virus first. When you remove Drume ransomware this way, all related files and programs can be deleted. Also, professional anti-malware programs that we suggest to use for this job can fix additional changes on the system made by the virus itself.

In most cases, crypto malware like Drume ransomware are designed to delete Shadow Volume Copies or disable some security functions, add new registry keys to block you from accessing specific pages like our website. For this reason, virus termination becomes difficult. Rebooting the machine in Safe Mode can help with this issue.

Malicious email attachments pose as important documents

Computers can get compromised and infected by various malware including the ransomware when users are not paying enough attention to the content they get exposed to. The goal of a cryptovirus is to infect the machine without users' permission or knowledge and launch malicious script. 

The goal is achieved with infected email attachments that contain documents posing as invoices, receipts or reports from services and companies. Once the attached file is downloaded and opened on the machine, the system gets infected with ransomware delivering malware or the malicious cryptovirus directly.

You can also get this virus by launching payload dropper via Windows crack files, patches or license activators. Also, virus infection may be hidden in software setup files, key generators or program files. You should delete suspicious emails from the box as soon as you get them and always choose reputable sources for your software.

Get rid of Drume ransomware and clean the system before data recovery

To remove Drume ransomware from the machine completely, you need to take actions as soon as possible, so that the virus is not going to alter too much on the machine. If the ransomware has enough time, it may disable your antivirus program or launch additional scripts to make the elimination difficult.

For the Drume ransomware removal as for any other cryptovirus that works similarly, we recommend getting a professional anti-malware program. A full system scan performed by the malware-fighting tool can improve the performance of PC and terminate possible threats.

Eliminate Drume ransomware and clean the damage at the same time. You can rely on Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner, or Malwarebytes for the system cleaning. However, remember that databases on these tools may vary and you may need to try a few of them to delete this threat once and for all.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Drume virus, follow these steps:

Remove Drume using Safe Mode with Networking

Delete Drume ransomware from the machine by entering the Safe Mode with networking before the system scan

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Drume

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Drume removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Drume using System Restore

Try System Restore feature as a method to get rid of Drume ransomware

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Drume. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Drume removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Drume from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Drume, you can use several methods to restore them:

Data Recovery Pro can work for encrypted files

Data Recovery Pro also restores files lost in other instances besides ransomware attack

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Drume ransomware;
  • Restore them.

Windows Previous Versions feature is helpful for Windows users

However, you should enable System Restore before using Windows Previous Versions as file recovery method

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try ShadowExplorer for file restoring purposes

This is yet another feature that can be used instead of data backups. However, when Shadow Volume Copies get deleted, by the Drume ransomware, this method is not useful

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool is not available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Drume and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding Drume ransomware