From 5b05e6224d59d14f70fad1c49a4e2867ef32ff16 Mon Sep 17 00:00:00 2001 From: Shreya Date: Tue, 29 Jun 2021 13:52:10 +0530 Subject: [PATCH 1/6] docs: Modify ransomware page to include info about README.txt file --- docs/content/reference/ransomware.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index a8f7273ea..2b630370f 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md @@ -6,7 +6,9 @@ pre: ' ' weight: 10 --- -The Infection Monkey has the capability of simulating a ransomware attack on your network. +The Infection Monkey has the capability of simulating a ransomware attack on your network through a series of activities. + +#### Encrypting user-specified files All actions performed by the encryption routine are designed to be safe for production environments. @@ -14,6 +16,11 @@ To ensure minimum interference and easy recoverability, the ransomware simulatio files only if the user specifies a directory that contains files that are safe to encrypt. If no directory is specified, no files will be encrypted. +#### Leaving a README.txt file +If a target directory is specified for the encryption routine, the ransomware simulation can be configured to leave a README.txt file there. + +This file clearly states that there is no need to panic and only a simulation is taking place. + From 949a52741b8d84689c01bb0e12950f7917947a25 Mon Sep 17 00:00:00 2001 From: Shreya Date: Tue, 29 Jun 2021 13:57:32 +0530 Subject: [PATCH 2/6] docs: Add link to ransomware simulations's README.txt file --- docs/content/reference/ransomware.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index 2b630370f..e07c3e4f0 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md 
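Review bot: the two new `####` headings (`#### Encrypting user-specified files` in the first hunk and `#### Leaving a README.txt file` in the second) skip heading levels; the rest of this page uses `##` sections such as `## How are the files encrypted?`, so these should be `##` or at most `###` to keep the outline consistent. The second hunk also ends with an added empty `+` line after "only a simulation is taking place.", which leaves two consecutive blank lines before the next section; drop the trailing one.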
@@ -17,9 +17,10 @@ files only if the user specifies a directory that contains files that are safe t If no directory is specified, no files will be encrypted. #### Leaving a README.txt file -If a target directory is specified for the encryption routine, the ransomware simulation can be configured to leave a README.txt file there. +If a target directory is specified for the encryption routine, the ransomware simulation can be configured to leave a README.txt file there. This file clearly states that there is no need to panic and only a simulation is taking place. + +The contents of the file can be found [here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt). -This file clearly states that there is no need to panic and only a simulation is taking place. From 8a902cd2b65a2ac27c5011265b08a615c2473d63 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 30 Jun 2021 12:26:55 +0530 Subject: [PATCH 3/6] docs: Modify README portion of ransomware docs Give more context. Explain how a ransomware attack usually does this. Co-authored-by: Mike Salvatore --- docs/content/reference/ransomware.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index e07c3e4f0..b756d8b20 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md 
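Review bot: the added link points at `tree/develop/.../ransomware_readme.txt`, but `tree/` is the path form for a directory; the canonical GitHub path for a single file is `blob/`, so use `.../blob/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt`. Linking to the `develop` branch also means the linked text can drift from what a released Monkey actually writes on the victim machine; linking a tagged version or quoting the README text inline would keep the reference page accurate for the version users run.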
@@ -17,9 +17,11 @@ files only if the user specifies a directory that contains files that are safe t If no directory is specified, no files will be encrypted. #### Leaving a README.txt file -If a target directory is specified for the encryption routine, the ransomware simulation can be configured to leave a README.txt file there. This file clearly states that there is no need to panic and only a simulation is taking place. +Many ransomware packages leave a README.txt file on the victim machine with an explanation of what has occurred and instructions for paying the attacker. Infection Monkey can also leave a README.txt file on the victim machine in order to replicate this behavior. This can be enabled or disabled by checking the box in the configuration screen. Note that if no target directory is specified, Infection Monkey will not leave a README.txt file. -The contents of the file can be found [here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt). + + +The README.txt file informs the user that a ransomware simulation has taken place and that they should contact their administrator. The contents of the file can be found [here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt). From 560cfb594863e3197f31743218f6bc5e4ce009a9 Mon Sep 17 00:00:00 2001 From: Shreya Date: Wed, 30 Jun 2021 12:36:35 +0530 Subject: [PATCH 4/6] docs: Do slight rewording in ransomware's README section --- docs/content/reference/ransomware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index b756d8b20..3c8a30dad 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md 
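Review bot: this hunk replaces the single removed line with two empty `+` lines plus the new "The README.txt file informs the user..." paragraph, and there is already a blank context line before it, so the rendered section ends up with three consecutive blank lines; one is enough. Separately, "checking the box in the configuration screen" does not name the option, so a reader cannot find it; please give the setting's label as it appears in the configuration UI.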
@@ -17,7 +17,7 @@ files only if the user specifies a directory that contains files that are safe t If no directory is specified, no files will be encrypted. #### Leaving a README.txt file -Many ransomware packages leave a README.txt file on the victim machine with an explanation of what has occurred and instructions for paying the attacker. Infection Monkey can also leave a README.txt file on the victim machine in order to replicate this behavior. This can be enabled or disabled by checking the box in the configuration screen. Note that if no target directory is specified, Infection Monkey will not leave a README.txt file. +Many ransomware packages leave a README.txt file on the victim machine with an explanation of what has occurred and instructions for paying the attacker. Infection Monkey can also leave a README.txt file in the target directory on the victim machine in order to replicate this behavior. This can be enabled or disabled by checking the box on the configuration screen. Note that if no target directory is specified for encryption, Infection Monkey will not leave a README.txt file. From af5fd8ac9dc2db8a534a1634de02a92866f50044 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 30 Jun 2021 06:47:09 -0400 Subject: [PATCH 5/6] Docs: Minor wording change to ransomware description --- docs/content/reference/ransomware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index 3c8a30dad..9d66c0d00 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md 
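Review bot: the reworded sentence still leaves one case undocumented: when a target directory is specified for encryption but it is empty or contains no files with a targeted extension, is README.txt still written there? Someone running this against production will want to know whether a README can appear with no files actually encrypted, so please state that behaviour explicitly in this paragraph.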
@@ -6,7 +6,7 @@ pre: ' ' weight: 10 --- -The Infection Monkey has the capability of simulating a ransomware attack on your network through a series of activities. +The Infection Monkey is capable of simulating a ransomware attack on your network using a set of behaviors. #### Encrypting user-specified files All actions performed by the encryption routine are designed to be safe for production From 0d0d268a6481bd279fe57d4e7dab37f28c9d0af4 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 30 Jun 2021 06:49:01 -0400 Subject: [PATCH 6/6] Docs: Fix formatting of ransomware documentation --- docs/content/reference/ransomware.md | 58 ++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index 9d66c0d00..c5d28b64b 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md 
@@ -6,22 +6,33 @@ pre: ' ' weight: 10 --- -The Infection Monkey is capable of simulating a ransomware attack on your network using a set of behaviors. +The Infection Monkey is capable of simulating a ransomware attack on your +network using a set of behaviors. #### Encrypting user-specified files -All actions performed by the encryption routine are designed to be safe for production -environments. +All actions performed by the encryption routine are designed to be safe for +production environments. -To ensure minimum interference and easy recoverability, the ransomware simulation will encrypt -files only if the user specifies a directory that contains files that are safe to encrypt. -If no directory is specified, no files will be encrypted. +To ensure minimum interference and easy recoverability, the ransomware +simulation will encrypt files only if the user specifies a directory that +contains files that are safe to encrypt. If no directory is specified, no +files will be encrypted. #### Leaving a README.txt file -Many ransomware packages leave a README.txt file on the victim machine with an explanation of what has occurred and instructions for paying the attacker. Infection Monkey can also leave a README.txt file in the target directory on the victim machine in order to replicate this behavior. This can be enabled or disabled by checking the box on the configuration screen. Note that if no target directory is specified for encryption, Infection Monkey will not leave a README.txt file. +Many ransomware packages leave a README.txt file on the victim machine with an +explanation of what has occurred and instructions for paying the attacker. +Infection Monkey can also leave a README.txt file in the target directory on +the victim machine in order to replicate this behavior. This can be enabled or +disabled by checking the box on the configuration screen. Note that if no +target directory is specified for encryption, Infection Monkey will not leave a +README.txt file. 
-The README.txt file informs the user that a ransomware simulation has taken place and that they should contact their administrator. The contents of the file can be found [here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt). +The README.txt file informs the user that a ransomware simulation has taken +place and that they should contact their administrator. The contents of the +file can be found +[here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt). 
@@ -29,28 +40,41 @@ The README.txt file informs the user that a ransomware simulation has taken plac ## How are the files encrypted? -Files are "encrypted" in place with a simple bit flip. Encrypted files are renamed to have -`.m0nk3y` appended to their names. +Files are "encrypted" in place with a simple bit flip. Encrypted files are +renamed to have `.m0nk3y` appended to their names. -This is a safe way to simulate encryption since it is easy to "decrypt" your files. You can simply perform a bit flip on the files again and rename them to remove the appended `.m0nk3y` extension. +This is a safe way to simulate encryption since it is easy to "decrypt" your +files. You can simply perform a bit flip on the files again and rename them to +remove the appended `.m0nk3y` extension. -This is sufficient to mock a ransomware attack on your network as the data in your files has been manipulated (temporarily leaving them unusuable) and are renamed with a different extension, similar to the way that many ransomwares act. As this is a simulation, your security solutions should be triggered to notify and prevent these changes from taking place. +This is sufficient to mock a ransomware attack on your network as the data in +your files has been manipulated (temporarily leaving them unusuable) and are +renamed with a different extension, similar to the way that many ransomwares +act. As this is a simulation, your security solutions should be triggered to +notify and prevent these changes from taking place. ## Which files are encrypted? -All regular files with [valid extensions](#file-extensions-targeted-for-encryption) in the configured directory are attempted to be encrypted during the simulation. +All regular files with [valid +extensions](#file-extensions-targeted-for-encryption) in the configured +directory are attempted to be encrypted during the simulation. -The simulation is not recursive, i.e. it will not touch any files in sub-directories of the configured directory. 
Symlinks and shortcuts are ignored. +The simulation is not recursive, i.e. it will not touch any files in +sub-directories of the configured directory. Symlinks and shortcuts are +ignored. -These precautions are taken to prevent the monkey from going rogue and accidentally encrypting files that you didn't intend to encrypt. +These precautions are taken to prevent the monkey from going rogue and +accidentally encrypting files that you didn't intend to encrypt. ## File extensions targeted for encryption -Encryption attempts are only performed on regular files with the following extensions. +Encryption attempts are only performed on regular files with the following +extensions. -This list is based on the [analysis of the Goldeneye ransomware by BitDefender](https://labs.bitdefender.com/2017/07/a-technical-look-into-the-goldeneye-ransomware-attack/). +This list is based on the [analysis of the Goldeneye ransomware by +BitDefender](https://labs.bitdefender.com/2017/07/a-technical-look-into-the-goldeneye-ransomware-attack/). - .3ds - .7z
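Review bot: since this hunk rewrites the "This is sufficient to mock a ransomware attack" paragraph anyway, fix the carried-over typo `unusuable` (unusable) and `many ransomwares act` (many ransomware families behave), and "are attempted to be encrypted" in the following section reads better as "the simulation attempts to encrypt". More importantly for readers, the paragraph says "your security solutions should be triggered", but the preceding lines describe the encryption as a simple bit flip, which is a bijection on byte values and leaves the byte-frequency entropy of the file unchanged; products that flag ransomware by a rise in entropy of written data will therefore not react to it. The docs should say that detection is expected from the in-place modification and the rename to `.m0nk3y`, not from the file contents looking encrypted, so users do not read a silent entropy-based product as a failure.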