I wrote this article to help you remove BlackSheep Ransomware. This BlackSheep Ransomware removal guide works for all Windows versions.
Black sheeps stand out from the herd, don’t they? They are different. And so is the BlackSheep ransomware. It also stands out not only for its name but also with its way of operation. As a ransomware, BlackSheep enters your machine in silence and then proceeds to encrypt your files. But while it is doing so, the pest displays a fake Windows Update screen. Clever, isn’t it? This way, the infection assures that you won`t be using your computer while it is locking your data. It won`t be interrupted and it will be able to use all of your PC`s resources. You won`t be able to stop the encryption process and it will be completed much faster.
The BlackSheep`s developers are quite creative. So, all of your files get locked while you think there is an update installing. Your pictures, videos, documents, MS Office files, etc. become unreadable to your machine. The ransomware appends to them the “.666” extension and your PC cannot recognize them anymore. For instance, if you had a file named “mysong.mp3”, after being encrypted is becomes “mysong.mp3.666”. All your data gets turned into unusable gibberish.
Once the file-locking is over, the ransomware proceeds with the standard steps. It drops its ransom note, according to which you have only 52 hours to pay the ransom, otherwise, the hackers will become “mean”. They demand $500 in Bitcoins transferred to the Bitcoin address they provided and promise to send you a decryption tool once you have paid. Needless to say, you cannot trust these people to keep their end of the bargain. They only want your money and couldn’t care less about your data. Who`s to say that they will actually send you the decryptor? Or that they will send you a working decryptor? No one can guarantee that. You are dealing with cybercriminals which cannot be trusted. There is another scenario.
The BlackSheep Ransomware
You pay the sum of $500 but the crooks get greedy and start blackmailing you for more money. How much money are you willing to give them? You do know that every cent you pay goes for nothing but more malware creation and business expansion, don’t you? Moreover, even if you pay and they give you a fully working tool, you still lose. Yes, the tool will help you free your data but it only goes that far. The ransomware itself remains on board. The decryptor cannot remove it. This means that even If you unlock your files they can get re-encrypted hours later and you get sent back to square one.
Paying is not an option as you have zero guarantees. One this is guaranteed, though: the fact that you are becoming a sponsor of crooks and helping them expand. Also, if you use your machine to make the payment, your personally identifiable and financial credentials may get stolen as well. It is not worth the risk. Forget about paying. Instead, use our removal guide below and remove BlackSheep manually. All you have to do is follow the steps in the exact order given.
Once you clean your PC, do your best to protect it better in the future. Ransomware infections rely on trickery and deceit to enter victims` computers. These tricks include bogus updates, fake torrents, spam emails messages, freeware bundles, the help of Trojan horses, compromised pages, malicious ads, etc. The tactics are many but what all of them have in common is that each one needs one thing it cannot succeed without. Your carelessness. Ransomware pieces are still programs and they need your approval on their installment. This is why they use tricks.
For example, you may believe that you are updating Java while you are installing ransomware. Or, an email may look like a legitimate job application while, in fact, it delivers malware. You have to be more vigilant and pay more attention. This is the only way you can keep your PC infection-free. Be on the alert while installing programs too. Don’t skip installation steps and always read the Terms and Conditions. Don’t open emails from strangers. Stay away from shady pages and illegitimate torrents. And last but not least, get yourself a reliable anti-malware program, keep it up to date and perform regular scans of your computer to be sure it is clean.
Method 1: Restore your encrypted files using ShadowExplorer
Usually, BlackSheep Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose at least a month ago date from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next“
- Choose a restore point, at least a month ago
- Click “Next“
- Choose Disk C: (should be selected by default)
- Click “Next“. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since BlackSheep Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs: