Kaandsona Ransomware

Kaandsona Ransomware is a recently discovered malicious program that was designed to encrypt your personal files and demand that you pay money for the decryption key if you want to get them back. You should not trust cyber crooks to keep their word because they often do not. Given that it threatens to delete your files in 24 hours, we recommend that you remove it from your PC as soon as possible because that way you will be able to keep the encrypted files and perhaps decrypt them with a free third-party decryption tool. For more information, please read this whole article.

We have gathered as much information about Kaandsona Ransomware as possible. However, we found very little information regarding its distribution. Nevertheless, we have found that its main dissemination method is most likely email spam. Email spam is a very popular method to distribute ransomware. It seems that, like many other ransomware, Kaandsona Ransomware is included in an attached file of the emails and sent from a dedicated server. There is no information about which demographic region this ransomware is set to target, but it does not look like it is too picky when it comes to infecting computers. The file attached to an email may look like a PDF or MS word file, but actually be an executable or at least a .dynamic Link Library or Java-Script files that are run by third-party software. Still, this information is not concrete, but distribution via email is the most plausible distribution strategy.

If Kaandsona Ransomware manages to get onto your computer, it will run immediately and start encrypting your files. Our research suggests that it should use the RSA or AES encryption method. Regardless of the choice of encryption algorithm, the encryption is rather strong, and a free decryption tool has yet to be released which is unfortunate because this program targets files most likely to contain personal information. This ransomware was configured to target document, video, audio, and image files. Basically, it can encrypt many file formats, so rest assured that it will encrypt something that you hold valuable.

While encrypting, Kaandsona Ransomware appends the files with the .kencf file extension. Once the encryption process is complete, it will launch its graphical user interface that features a time set to run out after 24 hours. The message inside the window says that your files were encrypted and that you have to send 1 BTC which is an approximate 890.28 USD. As you can see, it demands that you pay a substantial sum of money which might not be worth your files. However, it is up for you to decide which course of action you should take. However, the ransom payment will finance the development of new ransomware.

There is not a shadow of a doubt that Kaandsona Ransomware is a malicious program. Our analysis has shown that it is rather dangerous and decrypting its encryption key with a free third-party decryptor is not possible at the moment because such a decryptor has not been created yet. You should also consider the fact that your files might not be decrypted after you pay the ransom. Therefore, we recommend that you remove this ransomware manually using SpyHunter's free malware detection feature and wait for a free decryption tool.

Removal Guide

1. Go to http://www.pcthreat.com/download-sph
2. Download SpyHunter-Installer.exe
3. Run the Installation Wizard.
4. Launch the program once it is installed.
5. Select Scan Computer Now! And let is scan the PC.
6. Then, simultaneously hold down Win+E keys.
7. Enter the file path of the file from the scan results in the File Explorer’s address box.
8. Press Enter.
9. Right-click the malicious file and click Delete.
10. Empty the Recycle Bin.