Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Hand of God Ransomware

Hand of God Ransomware (or Le Main de Dieu Ransomware) is a malicious infection that was created to fool Windows users into giving their money to cyber criminals who are disguising themselves as the FBI. The funny thing is that while FBI, or Federal Bureau of Investigation, is a federal law enforcement agency in the United States, the message shown to victims is in French and appears to be targeted at those living in Canada. That is one of the many signs indicating that the warning might be fictitious. Although the warning suggests that all data and the computer itself have been locked, it is not the kind of ransomware that encrypts files. In fact, it is just a screen-locker that uses an intimidating screen-locking window to expose victims to misleading instructions. In this report, we review the misleading notification that cyber criminals have created to fool gullible Windows users, and we show how to remove Hand of God Ransomware. If you are interested, please continue reading, and if you come up with any questions about the threat, please add them to the comments section below so that our research team could review and address them.

The screen-locking message shown by Hand of God Ransomware is truly intimidating. It informs: Cet Ordinateur and toutes ses données importantes ont été verouillé. The message suggests that your computer has been locked and all system functions have been disabled for two days until all of your files get removed. It is stated that this is a punishment for fraud that you have committed by offering fictitious jobs in Canada. Obviously, if you have committed a crime like that, you might believe that you have been caught, but if you are not guilty, you should not even think about transferring a ransom of 0.06 Bitcoins to the 1Emhk1iJhcVTxPEWu4vqwPyUjXqz33So3F Bitcoin Address. That is what the message orders you to do. Although the name and logo of FBI are very well-known worldwide, you have to keep in mind that the credentials are added to the misleading notification just to trick you into following the bogus demands. All in all, we believe that most users will recognize the scam. First and foremost, FBI would never lock your computer to extort any payment from you. Second, the crime for which you are allegedly punished is bogus, and you should realize that right away. Finally, no official agency would show you a message written in this format: VOTR3 M4CH1NE3 E5T M41NT3N1NT INN4CE55IB13. These are the clues that should help you realize that you need to delete malware. More specifically, you need to delete Hand of God Ransomware.

According to the bogus notification, 0.06 BTC equals 555.29 Canadian Dollars, but, at the moment, that converts to around 850 CAD. If you paid the ransom, it is unlikely that anything would change. Maybe, your screen would be unlocked, but the malicious files responsible for this malware would remain active on your PC, and so they could be used again. Obviously, you want to remove Hand of God Ransomware files immediately. Unfortunately, the screen is locked, and the Task Manager is blocked, which is why some users are likely to do as told. You should not waste one cent on this screen-locker because it is possible to unlock the screen and remove the malicious ransomware for free. Even if you have paid the fictitious fine, and your computer has been unlocked, keep in mind that you still need to delete Hand of God Ransomware.

You need to reboot your Windows operating system in Safe Mode or Safe Mode with Networking to delete Hand of God Ransomware. If you eliminate the components of this threat successfully, the annoying and misleading screen-locker should be gone when you reboot back into normal mode. If you believe you can erase the threat yourself, go into Safe Mode and erase malicious components immediately. If you are not experienced, and erasing malware is too complicated for you, reboot into Safe Mode with Networking and install a reliable anti-malware program that will get rid of the devious ransomware in no time. We suggest going with the latter option because it is quicker and less messy. Furthermore, if you keep the anti-malware software installed, you will not need to worry about Hand of God Ransomware or any other threats invading your operating system again because your virtual security will be protected.

Hand of God Ransomware Removal

Reboot Windows XP, Windows Vista, or Windows 7:

  1. Restart your computer by pressing the power button.
  2. Wait for the BIOS to load and then start tapping the F8 button.
  3. Using arrow keys select Safe Mode/Safe Mode with Networking and then tap Enter.
  4. Delete the malicious components and then reboot back into normal mode.

Reboot Windows 8, Windows 8.1, or Windows 10:

  1. Simultaneously tap Ctrl+Alt+Delete.
  2. Click the Shut down options menu arrow.
  3. Tap and hold the Shift key and then click Restart.
  4. Select Troubleshoot and then click Advanced options.
  5. Click Startup Settings and then click Restart.
  6. Tap F4 for Safe Mode or F5 for Safe Mode with Networking. Wait for the reboot.
  7. Delete the malicious components and then reboot back into normal mode.

Delete malicious components:

  1. Delete all recently downloaded suspicious files (these can have random names and unique locations).
  2. Launch Windows Explorer by tapping Win+E.
  3. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ into the bar at the top.
  4. Right-click and Delete the file named AngelFile.exe.
  5. Restart your PC back into normal mode.
  6. Immediately perform a full system scan to check for potential leftovers.
Download Spyware Removal Tool to Remove* Hand of God Ransomware
  • Quick & tested solution for Hand of God Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.