

Codemanager is ransomware that runs on Microsoft Windows. It is aimed at English-speaking users.

Payload

Transmission

Codemanager is distributed through hacking programs, keygens, and other programs for illegitimate activation of paid software. It is also spread by hacking through an insecure RDP configuration, and by email spam and malicious attachments, deceptive downloads, botnets, exploits, malicious ads, web injects, fake updates, and repackaged and infected installers.

Infection

Codemanager encrypts user data using AES. It drops a text file called HOW TO DECRYPT FILES.txt. The ransom note says the following:

    Attention !!!
    All your personal files (photo, documents, texts, certificates, kwm-files, video) were encrypted by a very
    strong cypher RSA-1024. The original files deleted. You can check it yourself - just look for this in all
    folders.
    There is no possibility to decrypt these files without a special decrypt program! Nobody can help you -
    even don't try to find another method or tell someone because after 3 days all encrypted files will be
    completely deleted and you will have no chance to get it back.
    We can help you with a decrypt-program for 100 $ via wire transfer (bank transfer: SWIFT / IBAN).
    For details you have to send your request on this e-mail (with serial key from text-file on desktop):codemanager@fastmail.fm
    D619DB3F92FE7E57D3003A5648924B39FE9E7C1721CFCFA6D37C2238246AE34B0854A68796CF93F0FE
    D1AE438AFC80C32A25135A90BAD13FF90B6AE875465971 ***

It then demands a ransom of $100, paid by bank transfer, to return the files.
