Severity scale:  
  (93/100)

Drume ransomware. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - - | Type: Ransomware

Drume ransomware is the cryptovirus that demands payment for encrypted files in the ransom note called _open_.txt

Drume ransomware
Drume ransomware virus is the type of malware that focuses on cryptocurrency extortion and making the profit. Users' files get locked for this purpose.

Drume ransomware – a virus that hails from the same ransomware family which releases a handful of versions in one week of March 2019. This is one of the newest versions of the Djvu ransomware virus that came to the wild only slightly altered. Probably the only difference from other previous versions besides the .drume file extension is the ransom note file name, but not the text or contact information. Drume ransomware virus encrypts users' files and delivers _open_.txt file with the information about ransom amount of $980. As before, there is an opportunity to get a 50% discount if you contact cybercriminals in less than 72 hours. However, paying the ransom is not an option, and you should remove this threat and clean the device instead. You may lose your money or files if you try to contact virus developers. Remember that this virus also belongs to a STOP ransomware family.

Name Drume ransomware
Type Cryptovirus
Related Djvu ransomware
Ransomware family STOP ransomware
File extension .drume
Ransom note _open_.txt
Ransom amount $980
Contact email blower@firemail.cc; blower@india.cc
Removal tips Employ the reputable anti-malware program and remove Drume ransomware. Clean the virus damage using Reimage

Unfortunately, Drume ransomware virus hails from a whole cryptovirus family called STOP ransomware that first was spotted in December 2017. However, the primary version of this threat is Djvu ransomware that has been especially active for the past month because researchers discovered at least fifteen variants already. 

Drume ransomware is not very changed when compared to previous versions because the text in the ransom note is identical to previously discovered ransomware and the amount of ransom, including the half off discount, is one of the unifying features. [1]

As per usual Drume ransomware comes to the world with a different file maker, so when users' photos, documents or databases get encoded .drume appears at the end of each file. Immediately after the encryption ransom message appears in every folder of the computer. The note reads the following:

ATTENTION!
Don’t worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don’t try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.
=======================================================
To get this software you need write on our e-mail:
blower@india.com

Reserve e-mail address to contact us:
blower@firemail.cc

Your personal ID:
================================================

You should never trust people behind cyber threats like Drume ransomware because those people are criminals and all they want is to trick you into paying the demanded amount. Unfortunately, there is little possibility that paying could work as an option to get your files back. In most cases, developers disappear after that money transfer.[2] 

The main focus of cyber threats like Drume ransomware is to get users' money by encrypting their files and demanding to pay for the recovery. Unfortunately, criminals cannot guarantee that you will get your files after the payment. The best solution for those locked files is data backups or file restoring software.

However, you should first focus on Drume ransomware removal and then attempt data recovery. It is especially crucial because cryptovirus can encrypt restored files and this way you lose your data and money. 

As many other cybersecurity experts[3] we recommend using reputable tools like Reimage and eliminating the virus first. When you remove Drume ransomware this way, all related files and programs can be deleted. Also, professional anti-malware programs that we suggest to use for this job can fix additional changes on the system made by the virus itself.

In most cases, crypto malware like Drume ransomware are designed to delete Shadow Volume Copies or disable some security functions, add new registry keys to block you from accessing specific pages like our website. For this reason, virus termination becomes difficult. Rebooting the machine in Safe Mode can help with this issue.

Malicious email attachments pose as important documents

Computers can get compromised and infected by various malware including the ransomware when users are not paying enough attention to the content they get exposed to. The goal of a cryptovirus is to infect the machine without users' permission or knowledge and launch malicious script. 

The goal is achieved with infected email attachments that contain documents posing as invoices, receipts or reports from services and companies. Once the attached file is downloaded and opened on the machine, the system gets infected with ransomware delivering malware or the malicious cryptovirus directly.

You can also get this virus by launching payload dropper via Windows crack files, patches or license activators. Also, virus infection may be hidden in software setup files, key generators or program files. You should delete suspicious emails from the box as soon as you get them and always choose reputable sources for your software.

Get rid of Drume ransomware and clean the system before data recovery

To remove Drume ransomware from the machine completely, you need to take actions as soon as possible, so that the virus is not going to alter too much on the machine. If the ransomware has enough time, it may disable your antivirus program or launch additional scripts to make the elimination difficult.

For the Drume ransomware removal as for any other cryptovirus that works similarly, we recommend getting a professional anti-malware program. A full system scan performed by the malware-fighting tool can improve the performance of PC and terminate possible threats.

Eliminate Drume ransomware and clean the damage at the same time. You can rely on Reimage, Malwarebytes MalwarebytesCombo Cleaner, or Plumbytes Anti-MalwareMalwarebytes Malwarebytes for the system cleaning. However, remember that databases on these tools may vary and you may need to try a few of them to delete this threat once and for all.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Drume virus, follow these steps:

Remove Drume using Safe Mode with Networking

Delete Drume ransomware from the machine by entering the Safe Mode with networking before the system scan

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Drume

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Drume removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Drume using System Restore

Try System Restore feature as a method to get rid of Drume ransomware

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Drume. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Drume removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Drume from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Drume, you can use several methods to restore them:

Data Recovery Pro can work for encrypted files

Data Recovery Pro also restores files lost in other instances besides ransomware attack

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Drume ransomware;
  • Restore them.

Windows Previous Versions feature is helpful for Windows users

However, you should enable System Restore before using Windows Previous Versions as file recovery method

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try ShadowExplorer for file restoring purposes

This is yet another feature that can be used instead of data backups. However, when Shadow Volume Copies get deleted, by the Drume ransomware, this method is not useful

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool is not available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Drume and other ransomwares, use a reputable anti-spyware, such as Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions

References