From 8a902cd2b65a2ac27c5011265b08a615c2473d63 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 30 Jun 2021 12:26:55 +0530 Subject: [PATCH] docs: Modify README portion of ransomware docs Give more context. Explain how a ransomware attack usually does this. Co-authored-by: Mike Salvatore --- docs/content/reference/ransomware.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index e07c3e4f0..b756d8b20 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md @@ -17,9 +17,11 @@ files only if the user specifies a directory that contains files that are safe t If no directory is specified, no files will be encrypted. #### Leaving a README.txt file -If a target directory is specified for the encryption routine, the ransomware simulation can be configured to leave a README.txt file there. This file clearly states that there is no need to panic and only a simulation is taking place. +Many ransomware packages leave a README.txt file on the victim machine with an explanation of what has occurred and instructions for paying the attacker. Infection Monkey can also leave a README.txt file on the victim machine in order to replicate this behavior. This can be enabled or disabled by checking the box in the configuration screen. Note that if no target directory is specified, Infection Monkey will not leave a README.txt file. -The contents of the file can be found [here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt). + + +The README.txt file informs the user that a ransomware simulation has taken place and that they should contact their administrator. The contents of the file can be found [here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt).