BlackSheep Ransomware Removal Guide

Do you know what BlackSheep Ransomware is?

If BlackSheep Ransomware finds a way to your system, you can prepare for the worst because you may have to say goodbye to all your personal files. Of course, you could be saved if you had a recent backup of your files in a cloud storage place or on a portable hard disk of some sort. Prevention is probably the most important when it comes to such ransomware attacks. Sometimes it is possible that malware hunters can come up with a free tool that can restore your encrypted files after a particular attack, but our researchers have not found such an application yet. In any case, leaving such a dangerous ransomware program on your system would be a big mistake and could render your PC unusable before long. If you want to feel secure in your virtual world, you need to remove BlackSheep Ransomware right away. At the end of this article we will show you how you can do this but before that, let us tell you in more details what our researchers have found out while testing and researching this malicious program in our internal lab.

It is quite likely that you have opened a dangerous spam e-mail recently and viewed its attachment because this is how this ransomware infection is mostly distributed. Spamming can reach lots of unsuspecting users and thus it could be one of the most effective methods. This spam may appear to be authentic and to come from a well-known company or some kind of authorities. The main idea behind it is that you would not have a doubt that it is important for you to open this mail. This is further strengthened by the subject line that may claim that you gave the wrong banking details when you were booking a flight or a hotel room online, your bank account shows suspicious transactions, your credit card may have been used without your knowledge, and the like. If you see such a mail even in your spam folder, you would be likely to want to open it, right?

The problem is that when you open such a spam, you will not have any specific information regarding the supposed "urgent" issue. It is more likely to have a short message pointing you to open the attached file for more information. Of course, if you are not an experienced computer user, you may fall for this trick and save the attachment and then run it. However, you need to understand that when you finally delete BlackSheep Ransomware, your files will have already been encrypted and the removal of this ransomware will not recover them. This is why it is essential that you try to prevent such an attack from happening in the first place. Obviously, you need to be more cautious around your mails and only open those that are surely sent to you personally. It would also help you to install a trustworthy security program that could automatically protect your PC from any kind of malicious attack.BlackSheep Ransomware Removal GuideBlackSheep Ransomware screenshot
Scroll down for full removal instructions

When you initiate this attack by launching the file you find in the spam mail, your screen gets fully covered by a blue window pretending that Windows is updating. You may not even realize the obvious spelling mistakes in the short note in the middle of the screen and may believe that your operating system is really updating. However, what is really happening in the background is that this malicious program is encrypting your personal files that may include all your photos, videos, audio files, documents, archives, and third-party program files. When a file is encrypted, its name will be modified to have a ".666" extension.

After the encryption is over, another window occupies your screen but this time its main color is orange. This is indeed the ransom note that informs you about this attack and that your files and even your screen have been hacked. You can easily confirm the latter because if you press your Alt key along with the F4 key, the active window is supposed to close. In this case though an alert window will pop up with the following text: "Stop that shit, pay your ransom." This is also supposed to scare inexperienced users to believe that this is all for real and the only way out is to pay the 500 USD ransom fee, which has to be transferred to a Bitcoin address provided in this note. You can contact the crooks behind this attack by sending an e-mail to However, we do not recommend that you either contact or pay these cyber criminals. You have no guarantee whatsoever that they will keep their promise. Are your files really worth this much? Do you really want to support cyber crooks? It is all up to you, of course. But we still advise you to remove BlackSheep Ransomware immediatelly.

Since this dangerous malware infection blocks your explorer.exe and Task Manager, it is not that simple to delete BlackSheep Ransomware from your system. First, you need to reboot your system in Safe Mode so that you can remove all related files from it and put an end to this malicious attack. If you want to manually take care of this ransomware, please use our instructions below as a reference. It is possible that currently this is the most dangerous threat on your system but chances are this is not the only one, and let us not forget about possible future attacks. So what can you do to safeguard your PC from any of these? Of course, you can try to be more vigilant and cautious while surfing the web or scanning through your mails. We believe that the best solution for you is to use a decent anti-malware application like SpyHunter to defend your system.

Reboot your system in Safe Mode

Windows XP, Windows Vista, and Windows 7

  1. Restart your PC and press the F8 a few times to bring up the boot menu.
  2. With your arrow keys choose Safe Mode from the list and hit Enter.

Windows 8, Windows 8.1, and Windows 10

  1. Change to the Metro UI screen (e.g., press the Windows key) and click on the Power button.
  2. Press and hold the Shift key while clicking Restart.
  3. Navigate to Advanced options in the Troubleshooting menu.
  4. Choose Startup Settings and select Restart.
  5. Reboot in Safe Mode by tapping the F4 key.

Remove BlackSheep Ransomware from Windows

  1. Tap Win+E to open File Explorer.
  2. Find the malicious executable file you saved from the spam and ran prior to this attack.
  3. Delete this file.
  4. Empty your Recycle Bin.
  5. Restart your computer in Normal Mode.

In non-techie terms:

BlackSheep Ransomware is probably one of the worst nightmares that can happen to you if it suddenly appears on your computer. First you will only see a blue screen that pretends to be a Windows update installation, but indeed your important files are being encrypted while you see that. Then comes the ransom note that will hit you hard because you will realize what has happened and that it will cost you 500 US dollars to decrypt your files, if your attackers deliver as promised at all. We do not advise you to pay this ransom because you may lose your money on top of your precious files. The only thing you can do is remove BlackSheep Ransomware from your system immediately and copy your clean files back if you happen to have a backup copy. If you want to protect your computer more efficiently, we recommend that you install a reliable anti-malware program.