BlackSheep Ransomware

What is BlackSheep Ransomware?

BlackSheep Ransomware shows a fake system message to confuse the victim and keep them from interrupting the malicious application's installation. According to our researchers, this infection should show a fake Windows updates screen that the user may see after launching a suspicious file. The notification might look rather realistic, but some details show that it could be fictitious, e.g. a misplaced loading sign. If you fail to notice anything strange and do not interrupt the process, the malware should lock your screen and encrypt all valuable data located on the computer. The good news is that deleting BlackSheep Ransomware can unlock the screen; the bad news is that erasing the infection does not undo the damage it has already done. However, paying the ransom does not guarantee you will be able to decrypt the enciphered files either, so instead of risking your money, we advise using the instructions located below to regain control of the device.

Where does BlackSheep Ransomware come from?

Usually, users do not have to download anything themselves to update Windows, as it does this automatically. Also, before updates take place, the computer’s user should be notified of what is about to happen. Thus, if your system starts updating right after you download and launch some suspicious file, you may suspect that the Windows updates screen shown could be fake. Our computer security specialists believe BlackSheep Ransomware’s installers could be distributed through spam emails, so the malware’s victims should see the fictitious message right after opening an infected email attachment.

How does BlackSheep Ransomware work?

While you are seeing the fake updates window, the malicious application should be encrypting its targeted files one by one. Our specialists confirm the infection is after the user’s personal data, e.g. documents, pictures, photos, etc. Such files should be marked with the .666 extension when the encryption process is finished, although the user can see these changes only after unlocking the screen. BlackSheep Ransomware blocks the user’s screen by placing a full-size window on top of it.

The displayed message suggests that the only way to undo the malicious application’s damage is to pay a ransom of $500. As usual, the hackers demand that it be paid in Bitcoin so they can remain anonymous. There are two buttons providing additional information: clicking “Contact us” shows the hacker’s email address, and clicking “More Details” shows additional conditions. Apparently, the ransom should be paid within 54 hours, or it will be tripled. Moreover, it is said that if the user does not pay the ransom within one week, he loses the chance ever to recover the data. These threats might sound scary, but we encourage you not to give in under this pressure. There are no guarantees that BlackSheep Ransomware’s creators have the decryption tool, and even if they do, who can promise they will keep their word and send it to you? Therefore, we advise you not to deal with the hackers and to look for other possible solutions instead, e.g. recovery tools, copies from removable media devices, etc.

How to remove BlackSheep Ransomware?

If you wish to regain control of your computer, you will have to restart it in Safe Mode no matter which deletion method you choose. Since common key combinations do not help and the malware blocks Task Manager, there is no other way to unlock the screen. If you restart in Safe Mode with Networking, you can download a reliable antimalware tool and use its scanning feature to detect and remove BlackSheep Ransomware automatically. The other way to erase the infection is to get rid of its data manually. Instructions explaining the manual deletion process are provided below, right after the steps showing how to restart the system in Safe Mode with Networking.

Restart your system in Safe Mode with Networking

Windows 8/Windows 10

  1. Press Windows Key+I and click the Power button.
  2. Hold the Shift key and click Restart.
  3. Choose Troubleshoot, then pick Advanced Options.
  4. Go to Startup Settings and press Restart.
  5. Press the F5 key to restart in Safe Mode with Networking.

Windows XP/Windows Vista/Windows 7

  1. Open the Start menu.
  2. Open the Shutdown options and select Restart.
  3. Keep pressing the F8 key once you notice the PC starts restarting.
  4. Choose Safe Mode with Networking from the Advanced Boot Options window.
  5. Press Enter and log on.

Eliminate BlackSheep Ransomware manually

  1. Press Windows key+E.
  2. Navigate to your Desktop, Downloads, Temporary Files, or other directories where the infection’s launcher could have been downloaded.
  3. Select the questionable file and press Shift+Delete.
  4. Close the Explorer.
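
To see how much data was hit and to narrow down the launcher before deleting anything, the read-only PowerShell script below (an added example, not part of the original instructions) lists files carrying the .666 extension and recently written executable or script files in the directories named in step 2. The scanned profile path, the seven-day window, and the list of launcher file types are assumptions; it needs PowerShell 4.0 or later.

```powershell
# Added example: read-only triage, run from Safe Mode. Nothing is deleted or modified.
$encryptedExt = '.666'             # extension the article says marks encrypted files
$scanRoot     = $env:USERPROFILE   # assumption: personal data lives under the user profile
$lookbackDays = 7                  # assumption: the launcher arrived within the last week

# 1. Inventory encrypted files and show which folders were affected most.
$encrypted = Get-ChildItem -Path $scanRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq $encryptedExt }

"Encrypted files found: {0}" -f @($encrypted).Count
$encrypted |
    Group-Object DirectoryName |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# The oldest write time among encrypted files approximates when encryption began.
$firstHit = $encrypted | Sort-Object LastWriteTime | Select-Object -First 1
if ($firstHit) { "Earliest encrypted file written: {0}" -f $firstHit.LastWriteTime }

# 2. List candidate launchers in the directories from step 2 of the manual removal.
$dirs = @(
    [Environment]::GetFolderPath('Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads'),
    $env:TEMP
) | Where-Object { $_ -and (Test-Path $_) }

# Assumption: file types commonly used for email-attachment launchers.
$launcherExts = '.exe', '.scr', '.com', '.js', '.vbs', '.bat', '.cmd'
$cutoff = (Get-Date).AddDays(-$lookbackDays)

Get-ChildItem -Path $dirs -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $launcherExts -contains $_.Extension -and $_.LastWriteTime -ge $cutoff } |
    Sort-Object LastWriteTime |
    ForEach-Object {
        # The SHA-256 hash lets you check the file with an antimalware vendor before removal.
        [pscustomobject]@{
            Written = $_.LastWriteTime
            SizeKB  = [math]::Round($_.Length / 1KB, 1)
            SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Path    = $_.FullName
        }
    } | Format-List
```

Files written shortly before the earliest encrypted file are the most likely candidates for the questionable file mentioned in step 3.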
