Merge pull request #1284 from guardicore/ransomware-targeted-files

Ransomware targeted files
2021-06-30 09:51:43 -04:00 · 2021-06-30 09:51:43 -04:00 · dcffe2a850
parent 3fb8c06102 ebab7be32b
commit dcffe2a850
3 changed files with 8 additions and 10 deletions
--- a/docs/content/reference/ransomware.md
+++ b/docs/content/reference/ransomware.md
@ -56,8 +56,8 @@ notify and prevent these changes from taking place.

 ## Which files are encrypted?

-All regular files with [valid
-extensions](#file-extensions-targeted-for-encryption) in the configured
+All regular files with [targeted file
+extensions](#files-targeted-for-encryption) in the configured
 directory are attempted to be encrypted during the simulation.

 The simulation is not recursive, i.e. it will not touch any files in
@ -68,12 +68,10 @@ These precautions are taken to prevent the monkey from going rogue and
 accidentally encrypting files that you didn't intend to encrypt.


-## File extensions targeted for encryption
+## Files targeted for encryption

-Encryption attempts are only performed on regular files with the following
-extensions.
-
-This list is based on the [analysis of the Goldeneye ransomware by
+Only regular files with certain extensions are encrypted by the ransomware
+simulation. This list is based on the [analysis of the Goldeneye ransomware by
 BitDefender](https://labs.bitdefender.com/2017/07/a-technical-look-into-the-goldeneye-ransomware-attack/).

 - .3ds
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
@ -6,7 +6,7 @@ from typing import List, Optional, Tuple

 from infection_monkey.ransomware.bitflip_encryptor import BitflipEncryptor
 from infection_monkey.ransomware.file_selectors import select_production_safe_target_files
-from infection_monkey.ransomware.valid_file_extensions import VALID_FILE_EXTENSIONS_FOR_ENCRYPTION
+from infection_monkey.ransomware.targeted_file_extensions import TARGETED_FILE_EXTENSIONS
 from infection_monkey.telemetry.file_encryption_telem import FileEncryptionTelem
 from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
 from infection_monkey.utils.environment import is_windows_os
@ -35,7 +35,7 @@ class RansomwarePayload:
        )

        self._new_file_extension = EXTENSION
-        self._valid_file_extensions_for_encryption = VALID_FILE_EXTENSIONS_FOR_ENCRYPTION.copy()
+        self._valid_file_extensions_for_encryption = TARGETED_FILE_EXTENSIONS.copy()
        self._valid_file_extensions_for_encryption.discard(self._new_file_extension)

        self._encryptor = BitflipEncryptor(chunk_size=CHUNK_SIZE)
--- a/monkey/infection_monkey/ransomware/targeted_file_extensions.py
+++ b/monkey/infection_monkey/ransomware/targeted_file_extensions.py
@ -1,4 +1,4 @@
-VALID_FILE_EXTENSIONS_FOR_ENCRYPTION = {
+TARGETED_FILE_EXTENSIONS = {
    ".3ds",
    ".7z",
    ".accdb",