Kaandsona Ransomware

By GoldSparrow in Ransomware

The Kaandsona Ransomware is an encryption Trojan that was discovered on January 16th, 2017, when users reported strange files with the '.kencf' extension. Some cyber security blogs refer to the Kaandsona Ransomware as the RansomTroll Ransomware because the Trojan's logo is a green troll glancing at a laptop. Some security experts suspect that the Kaandsona Ransomware was developed in Estonia because the name can be pronounced as 'Käändsõna' in Estonian, but there is no evidence to support any claim about the origin of the Kaandsona Ransomware. Trojans such as the Kaandsona Ransomware are developed in a 'clean environment', that is, a virtual PC that has limited access to the Internet and serves as a proxy. When the Kaandsona Ransomware is packed, tags such as origin, publisher, version number, ownership, and others are removed from the executable to hide the person who crafted it. Understandably, finding the extortionists behind the Kaandsona Ransomware can be difficult.
The Kaandsona Ransomware is a ransomware Trojan that is being used to attack computer users in January 2017. The Kaandsona Ransomware encrypts the victim's files to demand the payment of a ransom. PC security researchers advise computer users to establish preventive measures to protect their PCs from threats like the Kaandsona Ransomware and minimize the damage in case of an attack.

The Kaandsona Ransomware is Also Known as the RansomTroll Ransomware

The Kaandsona Ransomware was first observed on January 16, 2017. The Kaandsona Ransomware identifies the files encrypted during its attack by adding the extension '.kencf' to the end of the affected files' names. The Kaandsona Ransomware also may receive the name RansomTroll Ransomware due to the use of a logo featuring a green troll using a computer. The Kaandsona Ransomware's name may indicate an Estonian origin for this threat. However, it can be difficult to know for sure where the Kaandsona Ransomware originated or who created it exactly since the people responsible for these attacks typically strip the threat's code of any traces of data that could be used to identify its creators.

How the Kaandsona Ransomware and Similar Threats may be Distributed

The distribution method associated with the Kaandsona Ransomware is typical of these threats. The Kaandsona Ransomware may be sent to the victim in the form of a file attachment contained in a spam email message. These email messages may contain logos and text that make it seem as if a legitimate company sent the message. The email attachments used to deliver the Kaandsona Ransomware take the form of DOCX files with corrupted macros, which connect to a remote server and download the Kaandsona Ransomware onto the victim's computer. Once the Kaandsona Ransomware is installed, it encrypts the victim's files using a strong encryption method. The Kaandsona Ransomware will encrypt numerous file types, including the following:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

Once the Kaandsona Ransomware has finished encrypting a file, it adds the file extension '.kencf' to the end of the file's name. This makes it simple to find out which files have been compromised during the Kaandsona Ransomware's attack. The Kaandsona Ransomware delivers its ransom note in the form of an HTA application window, which contains the following message:

'You have been struck by the holy the Kaandsona ransomware
Either you pay 1 BTC in 24 hours, or you lose ALL FILES'

Dealing with the Kaandsona Ransomware Infection

At the current exchange rate, 1 BitCoin (the Kaandsona Ransomware's ransom amount) is equivalent to approximately $850 USD. PC security researchers advise computer users to avoid paying this amount. Research has shown that ransomware creators are likely to ignore a payment or may even ask for more money after the payment is carried out. Instead, you should take steps to prevent Kaandsona Ransomware attacks. As a first step, you should ensure that the corrupted spam email message never lands in your email inbox by using a reliable anti-spam filter. Malware researchers strongly advise computer users never to open unsolicited email attachments. An updated security program can also intercept the Kaandsona Ransomware before it infects a computer. However, the best way to diminish the damage from a Kaandsona Ransomware attack is to have backups of all files, allowing an easy recovery in the event of an attack.
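
The '.kencf' marker and the backup advice above can be combined into a damage inventory that shows which encrypted files have a clean copy to restore. The following Python script is an added example, not code from the original article or from any vendor tool; it assumes a backup directory that mirrors the live tree's relative paths, and the function names and sample file names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".kencf"  # extension the article says is appended to encrypted files

def triage(root, backup_root):
    """Return sorted (encrypted_path, original_relative_path, backup_exists) tuples."""
    root, backup_root = Path(root), Path(backup_root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip files without the marker, and a file named only ".kencf".
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            encrypted = Path(dirpath) / name
            # Strip the appended marker to recover the pre-attack file name.
            original = encrypted.relative_to(root).with_name(name[:-len(MARKER)])
            findings.append((encrypted, original, (backup_root / original).is_file()))
    return sorted(findings)

def summarize(findings):
    """Map original extension -> (files affected, files with a backup copy)."""
    counts = {}
    for _encrypted, original, has_backup in findings:
        ext = original.suffix.lower() or "(none)"
        affected, restorable = counts.get(ext, (0, 0))
        counts[ext] = (affected + 1, restorable + int(has_backup))
    return counts

def demo():
    """Run the triage over a constructed sample tree (not real incident data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        samples = [(live, "docs/report.docx.kencf"), (live, "docs/notes.txt"),
                   (live, "pics/cat.JPG.kencf"), (live, "db/app.sqlite.kencf"),
                   (backup, "docs/report.docx"), (backup, "pics/cat.JPG")]
        for base, rel in samples:
            path = base / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"placeholder")
        return summarize(triage(live, backup))

if __name__ == "__main__":
    for ext, (affected, restorable) in sorted(demo().items()):
        print(f"{ext}: {affected} encrypted, {restorable} restorable from backup")
```

Files reported without a backup copy are the ones to prioritize when checking older backup sets or shadow copies.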
