Drume ransomware (Decryption Steps Included) - Free Guide

Drume virus Removal Guide

What is Drume ransomware?

Drume ransomware is the cryptovirus that demands payment for encrypted files in the ransom note called _open_.txt

Drume ransomwareDrume ransomware virus is the type of malware that focuses on cryptocurrency extortion and making the profit. Users' files get locked for this purpose.

Drume ransomware – a virus that hails from the same ransomware family which releases a handful of versions in one week of March 2019. This is one of the newest versions of the Djvu ransomware virus that came to the wild only slightly altered. Probably the only difference from other previous versions besides the .drume file extension is the ransom note file name, but not the text or contact information. Drume ransomware virus encrypts users' files and delivers _open_.txt file with the information about ransom amount of $980. As before, there is an opportunity to get a 50% discount if you contact cybercriminals in less than 72 hours. However, paying the ransom is not an option, and you should remove this threat and clean the device instead. You may lose your money or files if you try to contact virus developers. Remember that this virus also belongs to a STOP ransomware family.

Name Drume ransomware
Type Cryptovirus
Related Djvu ransomware
Ransomware family STOP ransomware
File extension .drume
Ransom note _open_.txt
Ransom amount $980
Contact email blower@firemail.cc; blower@india.cc
Removal tips Employ the reputable anti-malware program and remove Drume ransomware. Clean the virus damage using FortectIntego

Unfortunately, Drume ransomware virus hails from a whole cryptovirus family called STOP ransomware that first was spotted in December 2017. However, the primary version of this threat is Djvu ransomware that has been especially active for the past month because researchers discovered at least fifteen variants already.

Drume ransomware is not very changed when compared to previous versions because the text in the ransom note is identical to previously discovered ransomware and the amount of ransom, including the half off discount, is one of the unifying features. [1]

As per usual Drume ransomware comes to the world with a different file maker, so when users' photos, documents or databases get encoded .drume appears at the end of each file. Immediately after the encryption ransom message appears in every folder of the computer. The note reads the following:

Don’t worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don’t try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.
To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

You should never trust people behind cyber threats like Drume ransomware because those people are criminals and all they want is to trick you into paying the demanded amount. Unfortunately, there is little possibility that paying could work as an option to get your files back. In most cases, developers disappear after that money transfer.[2]

The main focus of cyber threats like Drume ransomware is to get users' money by encrypting their files and demanding to pay for the recovery. Unfortunately, criminals cannot guarantee that you will get your files after the payment. The best solution for those locked files is data backups or file restoring software.

However, you should first focus on Drume ransomware removal and then attempt data recovery. It is especially crucial because cryptovirus can encrypt restored files and this way you lose your data and money.

Drume ransomware virusDrume ransomware is a cryptovirus that offers to lower the amount of ransom by half if you contact them in less than 72 hours after the encryption.

As many other cybersecurity experts[3] we recommend using reputable tools like FortectIntego and eliminating the virus first. When you remove Drume ransomware this way, all related files and programs can be deleted. Also, professional anti-malware programs that we suggest to use for this job can fix additional changes on the system made by the virus itself.

In most cases, crypto malware like Drume ransomware are designed to delete Shadow Volume Copies or disable some security functions, add new registry keys to block you from accessing specific pages like our website. For this reason, virus termination becomes difficult. Rebooting the machine in Safe Mode can help with this issue.

Malicious email attachments pose as important documents

Computers can get compromised and infected by various malware including the ransomware when users are not paying enough attention to the content they get exposed to. The goal of a cryptovirus is to infect the machine without users' permission or knowledge and launch malicious script.

The goal is achieved with infected email attachments that contain documents posing as invoices, receipts or reports from services and companies. Once the attached file is downloaded and opened on the machine, the system gets infected with ransomware delivering malware or the malicious cryptovirus directly.

You can also get this virus by launching payload dropper via Windows crack files, patches or license activators. Also, virus infection may be hidden in software setup files, key generators or program files. You should delete suspicious emails from the box as soon as you get them and always choose reputable sources for your software.

Get rid of Drume ransomware and clean the system before data recovery

To remove Drume ransomware from the machine completely, you need to take actions as soon as possible, so that the virus is not going to alter too much on the machine. If the ransomware has enough time, it may disable your antivirus program or launch additional scripts to make the elimination difficult.

For the Drume ransomware removal as for any other cryptovirus that works similarly, we recommend getting a professional anti-malware program. A full system scan performed by the malware-fighting tool can improve the performance of PC and terminate possible threats.

Eliminate Drume ransomware and clean the damage at the same time. You can rely on FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes for the system cleaning. However, remember that databases on these tools may vary and you may need to try a few of them to delete this threat once and for all.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Drume virus. Follow these steps

Manual removal using Safe Mode

Delete Drume ransomware from the machine by entering the Safe Mode with networking before the system scan

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Drume using System Restore

Try System Restore feature as a method to get rid of Drume ransomware

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Drume. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Drume removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Drume from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Drume, you can use several methods to restore them:

Data Recovery Pro can work for encrypted files

Data Recovery Pro also restores files lost in other instances besides ransomware attack

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Drume ransomware;
  • Restore them.

Windows Previous Versions feature is helpful for Windows users

However, you should enable System Restore before using Windows Previous Versions as file recovery method

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try ShadowExplorer for file restoring purposes

This is yet another feature that can be used instead of data backups. However, when Shadow Volume Copies get deleted, by the Drume ransomware, this method is not useful

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool is not available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Drume and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions