What is the BlackSheep Ransomware? It is a cryptovirus ransomware that shows a fake Windows Update screen. Many users have fallen for the trick because they thought it was a Windows update for their system. After the user clicks the fake Windows Update, the BlackSheep ransomware starts to locate files and encrypt them. The ransomware adds the .666 extension after it completes the encryption process. After the encryption process, the BlackSheep ransomware displays a ransom note that contains the following message:
“ALL YOUR IMPORTANT FILES, DOCUMENTS, MP3s, VIDEOS, AND EVEN YOUR COMPUTER SCREEN IS HACKED. THERE IS NO SOLUTION ANYWHERE UNLESS YOU PAY $500 TO GET THE KEY TO DECRYPT WE CAN BE NICE AND WE CAN BE SO MEAN, IT ALL DEPENDS ON YOU. PAY WITHIN 54 HOURS. PAY INTO THE BITCOIN ADDRESS BELOW.”
The BlackSheep Ransomware is part of the group of ransomware released in May 2017. That group includes the FuckTheSystem ransomware, which was released in early May 2017. This ransomware runs as BLACKSHEEP.exe, an executable file that carries out the encryption process. Part of the encryption process is the display of a full blue screen in the guise of a Windows Update notification. If you look closely, however, you will see various inconsistencies which show that it is the work of the BlackSheep ransomware and has nothing to do with updating the Windows operating system. While displaying the fake "Windows Update in Progress" screen, it starts to encrypt all your files. It usually targets user-generated files, which could be the important ones.
The BlackSheep ransomware can spread in different ways. It uses a payload dropper to initiate the malicious script that is being spread on the internet. This ransomware can be obtained through social media and file-sharing services too. Freeware found on the web is usually bundled with other installers and executable files like BLACKSHEEP.exe. This ransomware can also make entries in your Windows Registry to achieve persistence and to make it hard for users to remove the infection from their computer. These entries are typically made to launch the infection automatically whenever you start your system.
Here are the instructions for removing the BlackSheep Ransomware. Before you proceed, make sure to reboot your computer into Safe Mode.
Windows XP/Windows Vista/Windows 7
- Restart your computer.
- Press the F8 key a couple of times to open the Boot menu.
- Navigate to Safe Mode using arrow keys, and then press Enter.
Windows 8/Windows 8.1
- On the Metro User Interface screen, press the Power icon.
- Tap and hold the Shift key and click on Restart.
- Select Advanced options from the Troubleshooting menu.
- Navigate to Startup Settings and press Restart.
- Press the F4 key to reboot in Safe Mode.
Removing BlackSheep Ransomware:
- Open the Windows Task Manager by pressing Ctrl + Shift + Esc. Go to the Processes tab. Locate the BlackSheep Ransomware or any suspicious processes. Right-click on them and select Open File Location, then scan them using any up-to-date antivirus. After opening each folder, end the infected processes and delete their folders.
- Delete everything under these directories.
- Go to the Registry Editor by pressing Start key + R and typing Regedit in the dialog box. (Take note that modifying your Registry can affect your computer; be sure to create backups of the entries you wish to modify or delete.)
- In the Registry Editor, press Ctrl + F to find BlackSheep ransomware and other related files.
- Right-click on the BlackSheep or any related entries and delete.
- Open your File Explorer by pressing Win + E.
- Look for the exe or any malicious executable files you saved from the spam or that you downloaded and ran prior to the attack.
- Delete the malicious executable file.
- Go to your Recycle Bin and erase everything.
- Reboot your computer in Normal Mode.
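A read-only check that supports the process, registry and file steps above, as an added example that is not part of the original article. It looks for the indicators the article names (BLACKSHEEP.exe and the .666 extension); the Run/RunOnce keys are assumed standard autostart locations, since the article does not name the keys, and the function names are hypothetical.

```powershell
# Added example: read-only triage for the indicators named in the article
# (process/file name BLACKSHEEP.exe, encrypted-file extension .666).
# Assumption: the Run/RunOnce keys below are the standard Windows autostart
# locations; the article does not say which keys the ransomware writes.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-SuspectAutostart {
    param([string[]]$Keys, [string]$Pattern = 'blacksheep')
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Match on the value name or on the command line it launches.
            if ($name -match $Pattern -or $data -match $Pattern) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $data }
            }
        }
    }
}

function Get-EncryptedFileSummary {
    param([string]$Root = $env:USERPROFILE, [string]$Extension = '.666')
    # -Force includes hidden files; unreadable folders are skipped silently.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq $Extension } |
        Group-Object DirectoryName |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Running process with the name given in the article, with its image path.
Get-Process -Name 'BLACKSHEEP' -ErrorAction SilentlyContinue |
    Format-Table Id, ProcessName, Path -AutoSize

Get-SuspectAutostart -Keys $runKeys | Format-List
Get-EncryptedFileSummary | Format-Table -AutoSize
```

The script changes nothing; saving its output before deleting files or registry values gives you a record of where the executable ran from and which folders were encrypted.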
If you don’t want to go through all these procedures, you can seek the help of an excellent antivirus program like SpyRemover Pro. This software has a high detection rate that can easily identify any hidden virus like a Trojan horse. Apart from its user-friendly interface, it also has 24/7 tech support to assist you.