BlackSheep Ransomware Removal Guide

BlackSheep Ransomware is a malicious program that takes your files and the computer itself as hostages. The cyber criminals behind the malware demand to pay a ransom in fifty-four hours or else they threaten to increase the price three times. However, instead of hurrying to pay it, we would advise users to think this through carefully. These people cannot be trusted as they might promise to help you, but have no intention to do so. The problem is, once the payment is made you will not be able to get it back, so the infection’s creators will have your money even if they do not keep up to their promise. Therefore, instead of putting your savings at risk, we recommend erasing BlackSheep Ransomware with no hesitation. For this reason, we are adding removal steps below the article. Of course, if you cannot decide what to do yet, you should just read the article first and learn more about the malware.

So far it seems the infection is traveling through malicious files that could be delivered through email. To convince the user to open it the ransomware’s creators could make it look like it is an important document or update; thus, the only way to avoid threats like BlackSheep Ransomware is to be careful with any data sent via email even if it does not look harmful from the first sight. If you receive data from an unknown sender or without any explanation what it is and there are valuable or personal files on the system you do not wish to lose, we would advise you to scan the attachment with a legitimate antimalware tool. Scanning questionable data first lets the user identify malicious files without endangering the system, so if you do not have a tool you could perform this task with, you may want to consider acquiring it.

Soon after the malware is launched, the user should see a blue screen saying “Wait Until Completed. Window Update in Progress.” What should make users doubt the message’s legitimacy is the obvious mistake in word "Windows" and the loading picture, which is not supposed to be on top of the text. Unfortunately, if you pay no attention to such details, you may not realize the device was infected. In such case, BlackSheep Ransomware should locate all private data and lock it with a secure cryptosystem to make it unusable. On top of it, the threat also locks the screen as it displays a borderless orange window. It contains ransom note, particular Bitcoin wallet address, decryption key box, and a couple of buttons showing further instructions.

If the Task Manager was not blocked, it could be used to kill the malicious program’s process and unlock the screen. Our researchers say Alt+F4 combination does not work either because then you only receive an additional pop-up saying “STOP THAT SHIT, PAY YOUR RANSOME.” As we stated in the beginning, paying the ransom is something we would strongly advise against. We cannot know if BlackSheep Ransomware’s creators have the decryption key you need. Not to mention, they may be not so eager to send it once they get the ransom.

Provided you do not want to fund the malware’s developers; we urge you to take a look at the instructions located at the end of this text and delete the infection. For starters, you should complete the first part of instructions to reboot the computer in Safe Mode with Networking. Then you can choose to either follow the rest of the provided instructions and erase BlackSheep Ransomware manually or install a trustworthy security tool and let it remove the malicious program for you.

Restart the computer in Safe Mode with Networking

Windows 8\Windows 10

1. Press Win+I and click the Power button.
2. Click Shift and hold it as you select Restart.
3. Pick Troubleshoot to access Advanced Options.
4. Navigate to Startup Settings and select Restart.
5. Click F5 to select restart in Safe Mode with Networking.

Windows XP\Windows Vista\Windows 7

1. Open Start, click on Shutdown options and select Restart.
2. Start pressing F8 as soon as the system begins restarting.
3. Wait till the Advanced Boot Options window shows up and pick Safe Mode with Networking.
4. Press Enter and log on as usual.

Get rid of BlackSheep Ransomware

1. Press Win+E.
2. Locate the listed paths:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
3. Find the malicious file you could have opened at the time the system got infected.
4. Right-click the file you suspect and select Delete.
5. Close the Explorer.
6. Empty Recycle bin.
7. Restart the computer.