Codemanger is ransomware that runs on Microsoft Windows. It is aimed at English-speaking users.



Codemanager is distributed through using hacking programs, keygens, other programs for illegitimate activation of paid programs. As well by hacking through an insecure RDP configuration, using email spam and malicious attachments, deceptive downloads, botnets, exploits, malicious ads, web injects, fake updates, repackaged and infected installers.


Codemanager encrypts user data using AES. It drops a text file called HOW TO DECRYPT FILES.txt. The ransom note says the following:

    Attention !!!    
All your personal files (photo, documents, texts, certificates, kwm-files, video) were encrypted by a very 
strong cypher RSA-1024. The original files deleted. You can check it yourself - just look for this in all 
There is no possibility to decrypt these files without a special decrypt program! Nobody can help you - 
even don't try to find another method or tell someone because after 3 days all encrypted files will be 
completely deleted and you will have no chance to get it back.
We can help you with a decrypt-program for 100 $ via wire transfer (bank transfer: SWIFT / IBAN). 
For details you have to send your request on this e-mail (with serial key from text-file on desktop)
D1AE438AFC80C32A25135A90BAD13FF90B6AE875465971 ***

It then requires a ransom of $ 100 using a bank transfer to return the files.

Community content is available under CC-BY-SA unless otherwise noted.