Kaandsona Ransomware
The Kaandsona Ransomware is a Trojan that tries to encrypt your files to force you into paying a ransom fee for them. Current samples of the Kaandsona Ransomware leverage poorly-coded payloads and will crash without causing any file damage. However, this threat may see updates to full functionality in the future, and malware experts still advise using backups and anti-malware solutions for eliminating encryption damage and uninstalling the Kaandsona Ransomware.
File Encryption Waving a Flag that's Rare for Threats
Although the choice of brands that con artists use for their Trojans can include some whimsical or arbitrary elements, most of them hinge on widely-known trends and broad national groups. The Kaandsona Ransomware is the first example malware researchers can find of a file-encrypting Trojan using Estonian for its campaign, albeit only for the Trojan's personal title. In spite of this quirk, the Kaandsona Ransomware appears to be targeting English PC users exclusively.
The Kaandsona Ransomware tries but fails to encrypt any files within the locations it specifies. Targets of these attacks can include the default Windows Downloads folder, user profile-related data, the desktop and 'backup' folders. Although bugs in the Kaandsona Ransomware's code prevent it from encrypting any content, it does append '.kencf' extensions to all the files that would have been affected successfully.
Te Kaandsona Ransomware also generates a message for extorting ransom money from its victims for the safe decryption of their data dynamically. Currently, the Kaandsona Ransomware asks for one Bitcoin (833 USD) and imposes a limit of a single day before your files are, in theory, made unrecoverable.
Keeping the Bugs out of Your Hard Drive
For threatening software, being buggy isn't tantamount to being harmless, and, in some cases, even is worse for an encryption-based attack. Threats like the Kaandsona Ransomware sometimes cause permanent damage by garbling the data of the affected files instead of enciphering them properly. Even if all goes as planned, con artists have no motivation to provide real decryptors since the use of a cryptocurrency guarantees that the victims have no financial or legal recourse.
Currently, the Kaandsona Ransomware is a low-level threat, but its threat actor may update it into a fully-working Trojan, in future releases. Use updated anti-malware products to identify attempts to install this Trojan and delete the Kaandsona Ransomware without it having time to modify your files. Malware researchers also highly stress that backups are historically advantageous options for recovering from these attacks.
Infection methods for threats of this type usually will exploit e-mail spam. However, attacks through other means, such as compromised downloads for casual PC users or brute-force attacks for business enterprises, are becoming less rare than previously. It's unknown which regions the Kaandsona Ransomware is leveraging its campaign against, but with English as its warning message and Estonian as its label, anyone's guess may be equally valid.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.