From a5fc0bc3936bba5f8a3e58b60327f374ea32f0c1 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 30 Nov 2021 11:35:04 -0500
Subject: [PATCH] Agent: Change readme if condition in RansomwarePayload.cleanup()
If the _readme_incomplete flag is set but no readme file has been left in the target directory, do not leave a new readme file. This can happen if the thread is forcefully killed between the time when the flag is set and the file is first created. The cleanup function is only concerned with cleaning up incomplete files, not ensuring the existence of the file under all circumstances.
---
 monkey/infection_monkey/ransomware/ransomware_payload.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/ransomware/ransomware_payload.py b/monkey/infection_monkey/ransomware/ransomware_payload.py
index 86c7cd9ba..ff2a89d64 100644
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
@@ -74,7 +74,10 @@ class RansomwarePayload:
 logger.warning(f"An error occurred while attempting to leave a README.txt file: {ex}")
 def cleanup(self):
- if self._readme_incomplete:
+ # This cleanup function is only concerned with cleaning up and replacing *incomplete*
+ # README.txt files; its goal is not to ensure the existence of a README file. Therefore,
+ # only retry if a README.txt file actually exists.
+ if self._readme_incomplete and self._readme_file_path.exists():
 logger.info(
 "The process of leaving a README.txt was interrupted. Removing the corrupt file "
 "and trying again."
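Review bot: The new guard `self._readme_file_path.exists()` in `cleanup()` is true for any filesystem entry at that path, not only a regular file. It is also evaluated separately from whatever removes the file further down, so the retry can still run against a directory or a path that disappeared after the check. `is_file()` states the intent of the added comment more precisely: `if self._readme_incomplete and self._readme_file_path.is_file():`. The removal and rewrite are in the rest of `cleanup()`, outside this hunk, so it is worth confirming that they tolerate a missing file. The diffstat lists only ransomware_payload.py, so a unit test for the flag-set, no-file case would pin the behaviour the commit message describes.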