Codemanager is distributed through hacking programs, keygens, and other programs for illegitimate activation of paid software. It is also spread by breaking in through an insecure RDP configuration, and through email spam and malicious attachments, deceptive downloads, botnets, exploits, malicious ads, web injects, fake updates, and repackaged and infected installers.
Codemanager encrypts user data using AES. It drops a text file called HOW TO DECRYPT FILES.txt. The ransom note says the following:
Attention !!! All your personal files (photo, documents, texts, certificates, kwm-files, video) were encrypted by a very strong cypher RSA-1024. The original files deleted. You can check it yourself - just look for this in all folders. There is no possibility to decrypt these files without a special decrypt program! Nobody can help you - even don't try to find another method or tell someone because after 3 days all encrypted files will be completely deleted and you will have no chance to get it back. We can help you with a decrypt-program for 100 $ via wire transfer (bank transfer: SWIFT / IBAN). For details you have to send your request on this e-mail (with serial key from text-file on desktop):email@example.com D619DB3F92FE7E57D3003A5648924B39FE9E7C1721CFCFA6D37C2238246AE34B0854A68796CF93F0FE D1AE438AFC80C32A25135A90BAD13FF90B6AE875465971 ***
It then demands a ransom of $100, paid by bank transfer, to return the files.
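For incident triage, the dropped note can be used to map which folders were hit. The following is an added example, not code from the original page: it walks a directory tree for files named HOW TO DECRYPT FILES.txt, checks them for two phrases quoted from the note above, and collects long hex runs. It assumes the serial key appears as a hex run of 32 or more characters; the sample tree and note text are constructed.

```python
import os
import re
import tempfile

NOTE_NAME = "how to decrypt files.txt"         # note file name given on the page
MARKERS = ("rsa-1024", "decrypt-program")      # phrases quoted from the note text
HEX_RUN = re.compile(r"\b[0-9A-Fa-f]{32,}\b")  # assumption: serial key is a long hex run

def find_notes(root):
    """Walk root and return one record per file named like the ransom note."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)  # notes are small; cap the read
            except OSError:
                text = ""  # unreadable file is still reported by name
            lowered = text.lower()
            hits.append({
                "dir": dirpath,
                "path": path,
                "content_match": all(m in lowered for m in MARKERS),
                "hex_runs": HEX_RUN.findall(text),
            })
    return hits

def demo():
    """Build a constructed directory tree and scan it."""
    root = tempfile.mkdtemp()
    # Constructed sample note: phrases from the quoted note, placeholder key.
    note = ("All your personal files were encrypted by a very strong cypher RSA-1024. "
            "We can help you with a decrypt-program. " + "AB" * 20)
    for sub in ("docs", os.path.join("docs", "photos")):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "HOW TO DECRYPT FILES.txt"), "w") as fh:
            fh.write(note)
    # Same name, unrelated content: reported, but content_match is False.
    os.makedirs(os.path.join(root, "misc"))
    with open(os.path.join(root, "misc", "how to decrypt files.txt"), "w") as fh:
        fh.write("notes on gpg usage")
    return find_notes(root)

if __name__ == "__main__":
    for hit in demo():
        print(hit["path"], hit["content_match"], len(hit["hex_runs"]))
```

Records with `content_match` set to False share only the file name and should be reviewed by hand before being counted as affected folders.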