Merge branch 'release/1.11.0' into develop

CHANGELOG.md

@@ -1,11 +1,12 @@
 # Changelog
-All notable changes to this project will be documented in this file.
+All notable changes to this project will be documented in this
+file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+The format is based on [Keep a
+Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## [Unreleased]
+## [1.11.0] - 2021-08-XX
 ### Added
-- PostgreSQL fingerprinter. #892
 - A runtime-configurable option to specify a data directory where runtime
   configuration and other artifacts can be stored. #994
 - Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
@@ -13,53 +14,58 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - A ransomware simulation payload. #1238
 - The capability for a user to specify their own SSL certificate. #1208
 - API endpoint for ransomware report. #1297
-- Add ransomware report. #1240
+- A ransomware report. #1240
 - A script to build a docker image locally. #1140
 
 ### Changed
-- server_config.json can be selected at runtime. #963
-- Logger configuration can be selected at runtime. #971
-- `mongo_key.bin` file location can be selected at runtime. #994
-- Monkey agents are stored in the configurable data_dir when monkey is "run
-  from the island". #997
-- Reformated all code using black. #1070
-- Sorted all imports usind isort. #1081
-- Addressed all flake8 issues. #1071
+- Select server_config.json at runtime. #963
+- Select Logger configuration at runtime. #971
+- Select `mongo_key.bin` file location at runtime. #994
+- Store Monkey agents in the configurable data_dir when monkey is "run from the
+  island". #997
+- Reformat all code using black. #1070
+- Sort all imports using isort. #1081
+- Address all flake8 issues. #1071
 - Use pipenv for python dependency management. #1091
-- Moved unit tests to a dedicated `tests/` directory to improve pytest
-  collection time. #1102
-- Default BB test suite behavior: if `--run-performance-tests` flag is not
-  specified, performance tests are skipped.
-- Zerologon exploiter writes runtime artifacts to a secure temporary directory
+- Move unit tests to a dedicated `tests/` directory to improve pytest collection
+  time. #1102
+- Skip BB performance tests by default. Run them if `--run-performance-tests`
+  flag is specified.
+- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
   instead of $HOME. #1143
-- Authentication mechanism to use bcrypt on server side. #1139
-- `server_config.json` puts environment config options in a separate section
-  named "environment". #1161
-- BlackBox tests can now register if they are ran on a fresh installation. #1180
+- Put environment config options in `server_config.json` into a separate
+  section named "environment". #1161
+- Automatically register if BlackBox tests are run on a fresh installation.
+  #1180
 - Limit the ports used for scanning in blackbox tests. #1368
 - Limit the propagation depth of most blackbox tests. #1400
-- Blackbox tests wait less time for monkeys to die. #1400
-- Improved the structure of unit tests by scoping fixtures only to relevant modules
-  instead of having a one huge fixture file, improved and renamed the directory
-  structure of unit tests and unit test infrastructure. #1178
-- MongoDb now gets launched by the Island via python. #1148
-- Create/check data directory on Island init. #1170
-- The formatting of some log messages to make them more readable. #1283
-- Some unit tests to run faster. #1125
+- Wait less time for monkeys to die when running BlackBox tests. #1400
+- Improve the structure of unit tests by scoping fixtures only to relevant
+  modules instead of having a one huge fixture file. #1178
+- Improve and rename the directory structure of unit tests and unit test
+  infrastructure. #1178
+- Launch MongoDB when the Island starts via python. #1148
+- Create/check data directory on Island initialization. #1170
+- Format some log messages to make them more readable. #1283
+- Improve runtime of some unit tests. #1125
+- Run curl OR wget (not both) when attempting to communicate as a new user on
+  Linux. #1407
 
 ### Removed
 - Relevant dead code as reported by Vulture. #1149
 - Island logger config and --logger-config CLI option. #1151
 
 ### Fixed
-- Attempted to delete a directory when monkey config reset was called. #1054
+- Attempt to delete a directory when monkey config reset was called. #1054
 - An errant space in the windows commands to run monkey manually. #1153
-- gevent tracebacks in console output. #859
+- Gevent tracebacks in console output. #859
 - Crash and failure to run PBAs if max depth reached. #1374
 
 ### Security
 - Address minor issues discovered by Dlint. #1075
-- Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174
+- Hash passwords on server-side instead of client side. #1139
+- Generate random passwords when creating a new user (create user PBA, ms08_67
+  exploit). #1174
 - Implemented configuration encryption/decryption. #1189, #1204
 - Create local custom PBA directory with secure permissions. #1270
 - Create encryption key file for MongoDB with secure permissions. #1232

docs/content/reports/mitre.md

@@ -2,6 +2,7 @@
 title: "MITRE ATT&CK report"
 description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
 date: 2020-06-24T21:17:18+03:00
+weight: 3
 draft: false
 ---
 

docs/content/reports/ransomware.md

@@ -0,0 +1,49 @@
+---
+title: "Ransomware report"
+date: 2021-08-05T13:23:10+03:00
+weight: 4
+draft: false
+description: "Provides information about ransomware simulation on your network"
+---
+
+{{% notice info %}}
+Check out [the Infection Monkey's ransomware simulation documentation]({{< ref
+"/usage/scenarios/ransomware-simulation" >}}) and [the documentation for other
+available reports]({{< ref "/reports" >}}).
+{{% /notice %}}
+
+The Infection Monkey can be configured to [simulate a ransomware
+attack](/usage/scenarios/ransomware-simulation) on your network. After running,
+it generates a **Ransomware Report** that provides you with insight into how
+ransomware might behave within your environment.
+
+The report is split into three sections:
+
+- [Breach](#breach)
+- [Lateral Movement](#lateral-movement)
+- [Attack](#attack)
+
+## Breach
+
+The breach section shows when and where the ransomware infection began.
+
+![Breach](/images/usage/reports/ransomware_report_1_breach.png "Breach")
+
+
+## Lateral movement
+
+The lateral movement section provides information about how the simulated
+ransomware was able to propagate through your network.
+
+
+![Lateral
+Movement](/images/usage/reports/ransomware_report_2_lateral_movement.png
+"Lateral Movement")
+
+
+## Attack
+
+The attack section shows the details of what the simulated ransomware
+successfully encrypted, including a list of specific files.
+
+![Attack](/images/usage/reports/ransomware_report_3_attack.png "Attack")

docs/content/reports/security.md

@@ -1,6 +1,7 @@
 ---
 title: "Security report"
 date: 2020-06-24T21:16:10+03:00
+weight: 1
 draft: false
 description: "Provides actionable recommendations and insight into an attacker's view of your network"
 ---

docs/content/reports/zero-trust.md

@@ -1,6 +1,7 @@
 ---
 title: "Zero Trust report"
 date: 2020-06-24T21:16:18+03:00
+weight: 2
 draft: false
 description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them"
 ---

docs/content/setup/docker.md

@@ -29,7 +29,7 @@ The Infection Monkey Docker container works on Linux only. It is not compatible
 1. Load the Monkey Island Docker image:
 
     ```bash
-    sudo docker load -i dk.monkeyisland.1.10.0.tar
+    sudo docker load -i dk.monkeyisland.VERSION.tar
     ```
 
 ### 2. Start MongoDB
@@ -58,7 +58,7 @@ been signed by a private certificate authority.
     sudo docker run \
         --name monkey-island \
         --network=host \
-        guardicore/monkey-island:1.10.0
+        guardicore/monkey-island:VERSION
     ```
 
 ### 3b. Start Monkey Island with user-provided certificate
@@ -81,7 +81,7 @@ been signed by a private certificate authority.
         --network=host \
         --user "$(id -u ${USER}):$(id -g ${USER})" \
         --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
-        guardicore/monkey-island:1.10.0 --setup-only
+        guardicore/monkey-island:VERSION --setup-only
     ```
 
 1. Move your `.crt` and `.key` files to `./monkey_island_data`.
@@ -122,7 +122,7 @@ been signed by a private certificate authority.
         --network=host \
         --user "$(id -u ${USER}):$(id -g ${USER})" \
         --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
-        guardicore/monkey-island:1.10.0
+        guardicore/monkey-island:VERSION
     ```
 
 ### 4. Accessing Monkey Island
@@ -152,7 +152,7 @@ to store data in the `monkey-mongo` container.
 UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
 ```
 
-Starting a new container from the `guardicore/monkey-island:1.10.0` image
+Starting a new container from the `guardicore/monkey-island:VERSION` image
 generates a new secret key for storing sensitive information in MongoDB. If you
 have an old database instance running (from a previous instance of Infection
 Monkey), the data stored in the `monkey-mongo` container has been encrypted

docs/content/setup/linux.md

@@ -18,10 +18,10 @@ installed, but the ones that we've tested are:
 - Kali 2021.2
 - Parrot 4.11
 - Rocky 8
-- Suse Leap 15.3
-- Ubuntu 18.04
-- Ubuntu 20.04
-- Ubuntu 21.04
+- openSUSE Leap 15.3
+- Ubuntu Bionic 18.04
+- Ubuntu Focal 20.04
+- Ubuntu Hirsute 21.04
 
 ## Deployment
 

docs/content/setup/vmware.md

@@ -1,75 +0,0 @@
----
-title: "VMware"
-date: 2020-05-26T20:57:14+03:00
-draft: false
-pre: '<i class="fas fa-laptop-code"></i> '
-weight: 3
-tags: ["setup", "vmware"]
----
-
-## Deployment
-
-1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and
-   following the wizard instructions. *Note: make sure ports 5000 and 5001 on
-   the machine are accessible for inbound TCP traffic.*
-1. Turn on the Infection Monkey VM.
-1. Log in to the machine with the following credentials:
-   1. Username: **monkeyuser**
-   1. Password: **Noon.Earth.Always**
-1. For security purposes, it's recommended that you change the machine
-   passwords by running the following commands: `sudo passwd monkeyuser`, `sudo
-   passwd root`.
-
-## OVA network modes
-
-You can use the OVA in one of two modes:
-
-1. In a network with the DHCP configured — In this case, the Monkey Island will
-   automatically query and receive an IP address from the network.
-1. With a static IP address — In this case, you should log in to the VM console
-   with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging
-   in, edit the Netplan configuration by entering the following command in the
-   prompt:
-
-    ```sh
-    sudo nano /etc/netplan/00-installer-config.yaml
-    ```
-
-    Make the following changes:
-
-    ```diff
-     # This is the network config written by 'subiquity'
-     network:
-       ethernets:
-         ens160:
-    -      dhcp4: true
-    +      dhcp4: false
-    +      addresses: [XXX.XXX.XXX.XXX/24]
-    +      gateway4: YYY.YYY.YYY.YYY
-    +      nameservers:
-    +        addresses: [1.1.1.1]
-       version: 2
-    ```
-
-    Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace
-    `YYY.YYY.YYY.YYY` with the default gateway.
-
-    Save the changes then run the command:
-
-    ```sh
-    sudo netplan apply
-    ```
-
-    If this configuration does not suit your needs, see
-    https://netplan.io/examples/ for more information about how to configure
-    Netplan.
-
-## Upgrading
-
-Currently, there's no "upgrade-in-place" option when a new version is released.
-To get an updated version, download the updated OVA file.
-
-If you'd like to keep your existing configuration, you can export it to a file
-using the *Export config* button and then import it to the new Monkey Island.
-
-![Export configuration](../../images/setup/export-configuration.png "Export configuration")

docs/content/setup/windows.md

@@ -20,7 +20,7 @@ After running the installer, the following prompt should appear on the screen:
 1. Follow the steps to complete the installation.
 1. Run the Monkey Island by clicking on the desktop shortcut.
 
-### Start Monkey Island with user-provided certificcate
+### Start Monkey Island with user-provided certificate
 
 By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
 enterprise or other security-sensitive environments, it is recommended that the

docs/content/usage/file-checksums.md

@@ -37,24 +37,31 @@ $ sha256sum monkey-linux-64
 
 | Filename                                             | Type              | Version | SHA256                                                             |
 |------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
-| monkey-windows-64.exe                                | Windows Agent     | 1.10.0  | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
-| monkey-windows-32.exe                                | Windows Agent     | 1.10.0  | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` |
-| monkey-linux-64                                      | Linux Agent       | 1.10.0  | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` |
-| monkey-linux-32                                      | Linux Agent       | 1.10.0  | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` |
-| infection_monkey_deb.tgz                             | Debian Package    | 1.10.0  | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` |
-| infection_monkey_debzt.tgz                           | Debian Package    | 1.10.0  | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` |
-| Monkey Island v1.10.0_3593_windows.exe	           | Windows Installer | 1.10.0  | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` |
-| Monkey Island v1.10.0_3593_windowszt.exe             | Windows Installer | 1.10.0  | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` |
-| infection_monkey_docker_docker_20210326_171631.tgz   | Docker            | 1.10.0  | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` |
-| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker            | 1.10.0  | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
-| monkey-island-vmware.ova                             | OVA               | 1.10.0  | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
-| monkey-island-vmwarezt.ova                           | OVA               | 1.10.0  | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
+| monkey-windows-64.exe                                | Windows Agent     | 1.11.0  | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
+| monkey-windows-32.exe                                | Windows Agent     | 1.11.0  | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
+| monkey-linux-64                                      | Linux Agent       | 1.11.0  | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
+| monkey-linux-32                                      | Linux Agent       | 1.11.0  | `88d6d717f99047ae6f8ff9527b41ff004217c99b1b027f112d062dd9e66d11ab` |
+| Infection_Monkey-1.11.0-x86_64.AppImage              | Linux Package     | 1.11.0  | `6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2` |
+| infection_monkey_docker_20210811_211212.tgz          | Docker            | 1.11.0  | `40f203387cadd153f97c6a21dfdddacd4d4eeea334a9300d862bfb4ba528e2e6` |
+| Monkey Island v1.11.0_3789.exe                       | Windows Installer | 1.11.0  | `20633c1993ea5f86b57b3a48d6875e8f72881f856f4713d747f07a559da05ccc` |
 
 
 ## Older checksums
 
 | Filename                                             | Type              | Version | SHA256                                                             |
 |------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
+| monkey-windows-64.exe                                | Windows Agent     | 1.10.0  | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
+| monkey-windows-32.exe                                | Windows Agent     | 1.10.0  | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` |
+| monkey-linux-64                                      | Linux Agent       | 1.10.0  | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` |
+| monkey-linux-32                                      | Linux Agent       | 1.10.0  | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` |
+| infection_monkey_deb.tgz                             | Debian Package    | 1.10.0  | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` |
+| infection_monkey_debzt.tgz                           | Debian Package    | 1.10.0  | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` |
+| Monkey Island v1.10.0_3593_windows.exe               | Windows Installer | 1.10.0  | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` |
+| Monkey Island v1.10.0_3593_windowszt.exe             | Windows Installer | 1.10.0  | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` |
+| infection_monkey_docker_docker_20210326_171631.tgz   | Docker            | 1.10.0  | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` |
+| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker            | 1.10.0  | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
+| monkey-island-vmware.ova                             | OVA               | 1.10.0  | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
+| monkey-island-vmwarezt.ova                           | OVA               | 1.10.0  | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
 | monkey-windows-64.exe                                | Windows Agent     | 1.9.0   | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
 | monkey-windows-32.exe                                | Windows Agent     | 1.9.0   | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
 | monkey-linux-64                                      | Linux Agent       | 1.9.0   | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |

docs/layouts/shortcodes/homepage_shortcuts.html

@@ -74,10 +74,10 @@
                 </a>
             </div>
             <div class="col-lg-3 col-sm-6 mb-3">
-                <a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
+                <a href="usage/scenarios" class="px-4 py-5 bg-white shadow text-center d-block">
                     <i class="fas fa-map-marked-alt d-block mb-4"  style="font-size: x-large;"></i>
-                    <h4 class="mb-3 mt-0">Use Cases</h4>
-                    <p class="mb-0">Learn about use cases of the Infection Monkey.</p>
+                    <h4 class="mb-3 mt-0">Scenarios</h4>
+                    <p class="mb-0">Learn about scenarios of the Infection Monkey.</p>
                 </a>
             </div>
             <div class="col-lg-3 col-sm-6 mb-3">

monkey/common/BUILD

@@ -1 +1 @@
-dev
+release

monkey/common/version.py

@@ -4,7 +4,7 @@ import argparse
 from pathlib import Path
 
 MAJOR = "1"
-MINOR = "10"
+MINOR = "11"
 PATCH = "0"
 build_file_path = Path(__file__).parent.joinpath("BUILD")
 with open(build_file_path, "r") as build_file:

monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py

@@ -1,5 +1,6 @@
 import logging
 import random
+import shutil
 import string
 import subprocess
 
@@ -64,11 +65,13 @@ class CommunicateAsNewUser(PBA):
                 'Invoke-WebRequest {url} -UseBasicParsing"'
             )
         else:
-            # true || false -> 0.  false || true -> 0.  false || false -> 1. So:
             # if curl works, we're good.
             # If curl doesn't exist or fails and wget work, we're good.
             # And if both don't exist: we'll call it a win.
-            format_string = "curl {url} || wget -O/dev/null -q {url}"
+            if shutil.which("curl") is not None:
+                format_string = "curl {url}"
+            else:
+                format_string = "wget -O/dev/null -q {url}"
         return format_string.format(url=url)
 
     def send_result_telemetry(self, exit_status, commandline, username):

monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py

@@ -2,7 +2,7 @@ import os
 
 from infection_monkey.control import ControlClient
 
-TEMP_COMSPEC = os.path.join(os.getcwd(), "random_executable.exe")
+TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
 
 
 def get_windows_commands_to_proxy_execution_using_signed_script():

monkey/monkey_island/cc/resources/T1216_pba_file_download.py

@@ -16,5 +16,5 @@ class T1216PBAFileDownload(flask_restful.Resource):
         executable_file_name = "T1216_random_executable.exe"
         return send_from_directory(
             directory=os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "resources", "pba"),
-            filename=executable_file_name,
+            path=executable_file_name,
         )

monkey/monkey_island/cc/setup/config_setup.py

@@ -18,7 +18,7 @@ def setup_data_dir(island_args: IslandCmdArgs) -> Tuple[IslandConfigOptions, str
 def _setup_config_by_cmd_arg(server_config_path) -> Tuple[IslandConfigOptions, str]:
     server_config_path = expand_path(server_config_path)
     config = server_config_handler.load_server_config_from_file(server_config_path)
-    create_secure_directory(config.data_dir)
+    create_secure_directory(str(config.data_dir))
     return config, server_config_path
 
 
@@ -26,7 +26,7 @@ def _setup_default_config() -> Tuple[IslandConfigOptions, str]:
     default_config = server_config_handler.load_server_config_from_file(DEFAULT_SERVER_CONFIG_PATH)
     default_data_dir = default_config.data_dir
 
-    create_secure_directory(default_data_dir)
+    create_secure_directory(str(default_data_dir))
 
     server_config_path = server_config_handler.create_default_server_config_file(default_data_dir)
     config = server_config_handler.load_server_config_from_file(server_config_path)

monkey/monkey_island/cc/ui/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "infection-monkey",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

monkey/monkey_island/cc/ui/package.json

@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "1.10.0",
+  "version": "1.11.0",
   "name": "infection-monkey",
   "description": "Infection Monkey C&C UI",
   "scripts": {

monkey/monkey_island/cc/ui/src/components/report-components/ransomware/LateralMovement.tsx

@@ -10,7 +10,7 @@ const LATERAL_MOVEMENT_DESCRIPTION = 'After the initial breach, the attacker wil
                                       <br /> \
                                       <br /> \
                                       <a \
-                                        href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/" \
+                                        href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report" \
                                         target="_blank" \
                                       > \
 				        See some real-world examples on Guardicore\'s blog. \