Kaandsona Ransomware Removal Guide

Do you know what Kaandsona Ransomware is?

Kaandsona Ransomware is a malicious application that was developed to encrypt your personal files and demand that you pay money to decrypt them. Our cyber security experts are concerned that this ransomware’s developers might not give you the decryption key after you. So, in the end, you might not only lose your files but suffer a financial loss as well. In this short article, we will discuss how this application is distributed, how it works, and how you can remove it. Therefore, if your computer was infected with this ransomware, please continue reading.

Our malware analysts have concluded that Kaandsona Ransomware is distributed using malicious emails. Indeed, researchers have found information suggesting that this program’s secretive developers have set up a server dedicated to sending email spam to random email addresses in the hopes of infecting the computers of unwary users. The emails should feature this ransomware as an attached Word or PDF file with a double extension. Hence, the file might look might have the extension “.doc” which is immediately followed by “.exe” (example: file.doc.exe). The files attached to the emails can be presented as invoices, tax return forms or other documents. The developers count on your curiosity which can lead to your computer becoming infected with his ransomware.

There is not much information about this ransomware primarily because it is becoming ever more scarce. It seems that Kaandsona Ransomware has outlived its usefulness but, nevertheless, it is still active and functional. If your computer becomes infected with it, then this ransomware will scan it for encryptable files and go to work. According to our malware analysts, this program uses either the RSA or AES encryption algorithm to encrypt your files, and it targets file formats that are most likely to contain personal information. For example, it will encrypt file formats such as .doc, .docx, .dt, .jpeg, .jpg, .pfd, .png, .xls, and so on. In total, this program can encrypt more than a hundred file formats and it is set to append the encrypted files with the ".kencf" file extension.Kaandsona Ransomware Removal GuideKaandsona Ransomware screenshot
Scroll down for full removal instructions

Once the encryption process is complete, Kaandsona Ransomware is set to open its interface window. The window features a green progress bar and text stating that your files were encrypted and that you need to pay 1 BTC (922.53 USD) for your files to be decrypted. This ransomware features a timer, and its developers claim that it will delete your files in 24 hours if the ransom payment is not received. However, there is no telling whether your files will be decrypted after you pay the ransom. It is possible that they will remain encrypted and the ransomware will delete them regardless.

Unfortunately, there is no free decryption tool for this program at this time, and because it might not be around soon, there is a possibility that such a tool will not be developed. However, paying the ransom is risky because your files can remain encrypted after you pay, so you should weigh your options. Our malware researchers recommend that you remove Kaandsona Ransomware. You can use the guide featured below to do it. Note that removing this program involves using SpyHunter’s free scan feature to detect this ransomware’s location as it can vary between infections.

Removal Guide

  1. Open your web browser.
  2. Type http://www.spyware-techie.com/download-sph in the address box and hit Enter.
  3. Download SpyHunter-Installer.exe and run it.
  4. Install the program, run it and click Scan Computer Now!
  5. After the scan is complete, copy the file path of the malicious executable from the scan results.
  6. While in desktop, press Windows+E.
  7. Type the file path of the executable in File Explorer’s address box and hit Enter.
  8. Right-click the file and click Delete.
  9. Empty the Recycle Bin.

In non-techie terms:

Kaandsona Ransomware is a highly dangerous application because it can infect your computer secretly and encrypt your files. It demands that you send a hefty ransom payment in Bitcoins. However, there is no telling whether the cyber crooks will keep their word and decrypt your files. Therefore, we advise that you get rid of this malicious program as soon as you can.