Threat Database Ransomware BlackSheep Ransomware

BlackSheep Ransomware

By GoldSparrow in Ransomware

The BlackSheep Ransomware is designed to encrypt the victim's files, making them inaccessible. The BlackSheep Ransomware will take the victim's computer hostage. Once the BlackSheep Ransomware has locked the victim's files, it will demand the payment of a ransom from the victim to release the affected files. Encryption ransomware Trojans like the BlackSheep Ransomware are among the most common threat infections active currently. Although threats like the BlackSheep Ransomware can be removed with a reliable security program that is fully up-to-date easily, the scary thing about these threats is that even if the BlackSheep Ransomware itself is removed, once the victim's files have been encrypted, they cannot be recovered without the decryption key – the damage is done. Because of this, the con artists rely on these attacks to extort computer users, taking their files hostage and then demanding the ransom payment in exchange for the decryption key needed to restore the affected files.

A New Member on the BlackSheep Flock

There are countless variants of the BlackSheep Ransomware tactic. The version of the BlackSheep Ransomware observed by PC security researchers demands a ransom of $500 USD to be paid in BitCoins. The BlackSheep Ransomware encrypts its victims' files and adds the file extension '.666' to the end of each affected file's name to make it clear which files have been affected by the BlackSheep Ransomware attack. Ransomware Trojans like the BlackSheep Ransomware are becoming more common increasingly, and computer users should protect their computers from this threat. The BlackSheep Ransomware combines a screen locker approach in its attack, essentially blocking access to the victim's computer while it encrypts the victim's files.

How the BlackSheep Ransomware Carries out Its Attack

The BlackSheep Ransomware is part of a wave of ransomware Trojans released in May 2017, which include threats like the FuckTheSystem Ransomware Trojan, which was released in the earlier part of the month. The BlackSheep Ransomware runs as an executable file named BLACKSHEEP.exe, which carries out the BlackSheep Ransomware's encryption. As part of its attack, the BlackSheep Ransomware will display a lock screen that takes up the entire victim's screen and is designed to look like a blue Windows Update notification. However, a closer look will reveal various inconsistencies that make it clear that the screen presented by the BlackSheep Ransomware is not related to the Windows operating system. This screen makes it seem as if a Windows Update is being carried out while, in reality, the BlackSheep Ransomware is encrypting the victim's files in the background silently. The BlackSheep Ransomware's lock screen takes the form of a blue full-screen window with the message:

'Wait Until It's Completed
Window Update in Progress'

The BlackSheep Ransomware will target the user-generated files in its attack, encrypting the files generated with software like Microsoft Office or Adobe Photoshop as well as images, movies, music, and numerous other file types. Once encrypted by the BlackSheep Ransomware, the file extension '.666' will be added to the file's name. After encrypting the victim's files, the BlackSheep Ransomware will display a ransom note that claims that it is necessary to pay $500 USD in Bitcoins within 54 hours, or the files will be lost permanently. The following is the full text displayed in the BlackSheep Ransomware's ransom note:

'ALL YOUR IMPORTANT FILES, DOCUMENTS, MP3s, VIDEOS, AND EVEN YOUR COMPUTER SCREEEN IS HACKED. THERE IS NO SOLUTION ANYWHERE UNLESS YOU PAY $500 TO GET THE KEY TO DECRYPT WE CAN BE NICE AND WE CAN BE SO MEAN, IT ALL DEPENDS ON YOU. PAY WITHIN 54 HOURS. PAY INTO THE BITCOIN ADDRESS BELOW.'

Dealing with a BlackSheep Ransomware Infection

The best way to deal with the BlackSheep Ransomware is to have a reliable backup system so that the encrypted files can be restored from the backup copy. A reliable security program also can be used to remove the BlackSheep Ransomware, although it will not restore the affected files. Due to the nature of the BlackSheep Ransomware, it is likely that PC security researchers will release a decryption key eventually.

Trending

Most Viewed

Loading...