Hand of God is officially listed as ransomware, for obvious reasons: it infects computers, encrypts files and demands a ransom. This type of virus is one of the most dangerous and can cause all sorts of problems.
It looks like this virus uses the same tactics as the well-known Ukash virus. Back in the day Ukash was a big deal and caused a large number of infections, so if Hand of God ransomware uses not only similar solutions on the back end but also the same methods to spread the infection, we could be facing another notorious computer virus. Removal instructions for this infection are available at the end of the article, so if you are just looking for a quick fix, scroll down to that part right now. If you want to learn more about the infection, its origins and various features, continue reading.
Hand of God – ransomware similar to Ukash
The similarities to the Ukash virus are both visual and in the ransomware's code. However, we failed to find any direct association between the two, so it may be that the developers of the Hand of God virus simply used Ukash as a good example and applied the techniques that worked back in the day.
As of now, Hand of God has been distributed using two methods: as an attachment to spam emails and through banner advertisements on malicious websites. So the golden rule for avoiding malware like this is to keep real-time anti-malware protection running at all times and to pay attention to the websites you visit and the emails you open. Most users receive dozens of spam emails every single day, and there is absolutely no reason to open them, let alone open the files attached to them.
If you were unlucky and the malicious files of the virus are already on your computer, the encryption process will begin immediately. Hand of God will scan your computer for personal files and encrypt them, appending a unique extension to every single one.
After that, your screen will be locked with a message, which also serves as a ransom note. Original text:
Sortie de Secours
V0TR3 M4CH1N3 35T M41NT3N4NT INN4CE55I813
ATTENTION You Have Been Hacked !!!
Cet Ordinateur et toutes ses données importantes ont été véroufllé
La Main de Dieu vous puni pour avoir escroqué des chercheurs d’emploi
en leurs promettant un emploi au Canada pour le poste de téléopérateur…
Toutes tentatives de désactivation ultérieures a ce programme échouerons
Vos fonctions systèmes ont été désactivées
Ce Programme est concu pour s‘auto-détruire dans 2 jours en entraînant la
Suppression complete de tous vos fichiers
Comment Désactiver Ce Virus
Vous devez payer le montant de 0.06 Bitcoin (ETC) = 555.29 Dollar (CAD)
à l‘adresse bitcoin suivante : 1Emhk1iJhcVTxPEWu4vqwPyUjXqz33So3F
Moyens de payement
Vous disposez de plusieurs moyens de payement qui consistent
a acheter ou a transferer des bitcoins à l‘adresse indiquée plus haut
Veuillez visiter le site suivant : https://cryptogains.fr/229-comment-acheter-des-bitcoins
The message is in French, so we can presume that this virus targets a French-speaking audience. Nevertheless, your computer can be infected even if you don't know a single word of French, so here is a brief translation into English:
YOUR MACHINE IS INACCESSIBLE
ATTENTION You Have Been Hacked !!!
This Computer and all its important data have been gobbled
The Hand of God punishes you for cheating job seekers
promising them a job in Canada for the teleoperator position …
Any subsequent disabling attempts to this program will fail
Your system functions have been disabled
This program is designed to self-destruct in 2 days by executing the
complete deletion of all your files
How to Disable This Virus
You must pay the amount of 0.06 Bitcoin (ETC) = 555.29 Dollar (CAD)
at the following bitcoin address: 1Emhk1iJhcVTxPEWu4vqwPyUjXqz33So3F
Means of payment
You have several means of payment which consist
of buying or transferring bitcoins to the address indicated above
Please visit the following site: https://cryptogains.fr/229-how-to-purchase-bitcoins
Users are threatened that their files will be removed for good if they fail to pay the ransom within two days. The ransom is 0.06 Bitcoins, around 500 USD at the time. We do not recommend contacting the cyber criminals or paying the ransom, because you can be left with nothing. We have recorded cases in the past where users were simply ignored after paying the ransom.
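The ransom note quoted above contains several distinctive strings that can serve as indicators when triaging a suspicious file or memory dump. The following is an added example, not code from the original article: the function names, the list of encodings and the two-marker threshold are assumptions, and the sample inputs are constructed.

```python
"""Match strings from the Hand of God ransom note in arbitrary bytes."""

# Marker strings copied from the ransom note quoted in this article.
NOTE_MARKERS = {
    "leet_banner": "V0TR3 M4CH1N3 35T M41NT3N4NT INN4CE55I813",
    "btc_address": "1Emhk1iJhcVTxPEWu4vqwPyUjXqz33So3F",
    "signature": "La Main de Dieu vous puni",
    "disable_heading": "Comment Désactiver Ce Virus",
    "exit_label": "Sortie de Secours",
}

# Assumption: Windows programs often store text as UTF-16LE or in a legacy
# code page, so every marker is tried in each of these encodings.
ENCODINGS = ("utf-8", "utf-16-le", "cp1252")


def find_markers(blob: bytes) -> dict:
    """Return {marker_name: encoding} for every marker found in blob."""
    hits = {}
    for name, text in NOTE_MARKERS.items():
        for enc in ENCODINGS:
            if text.encode(enc) in blob:
                hits[name] = enc
                break
    return hits


def looks_like_hand_of_god(blob: bytes, threshold: int = 2) -> bool:
    """Require several distinct markers: 'Sortie de Secours' on its own is
    ordinary French and would otherwise cause false positives."""
    return len(find_markers(blob)) >= threshold


# Constructed samples (not real malware).
SAMPLE_WIDE = ("RSRC" + NOTE_MARKERS["leet_banner"] + "\n"
               + NOTE_MARKERS["btc_address"]).encode("utf-16-le")
SAMPLE_LEGACY = (NOTE_MARKERS["disable_heading"] + " "
                 + NOTE_MARKERS["signature"]).encode("cp1252")
SAMPLE_BENIGN = "Sortie de Secours au fond du couloir".encode("utf-8")

if __name__ == "__main__":
    for label, blob in (("wide", SAMPLE_WIDE), ("legacy", SAMPLE_LEGACY),
                        ("benign", SAMPLE_BENIGN)):
        print(label, looks_like_hand_of_god(blob), find_markers(blob))
```

The accented heading only matches when the scanner tries the same encoding the sample was stored in, which is why a UTF-8-only search would miss the cp1252 sample's `disable_heading` marker.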
Fast removal of Hand of God Virus
Files associated with Hand of God ransomware can be removed easily: simply scan your computer with an anti-malware application, such as SpyHunter or Malwarebytes, and the rest will be done by the program automatically. However, neither SpyHunter nor Malwarebytes is capable of decrypting files that have been locked by Hand of God, and no free decrypter is available at the moment.
Perhaps the only way to unlock files affected by this virus is to restore your system to a previous date. To be able to do that, you need to have a backup of your hard drive that was made before the date of infection. Moreover, the backup file has to be stored on an external drive or on the Internet, otherwise it will be encrypted as well.