p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

docs: Add more information about the safety and sufficiency of the ransomware simulation

This commit is contained in:
Shreya 2021-06-24 14:41:38 +05:30
parent 91c3a6cb0d
commit 97bc0fd205
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/content/reference/ransomware.md
View File

@ -16,6 +16,16 @@ If no directory is specified, no files will be encrypted.
<!-- add config screenshot here -->
## How are the files encrypted?
Files are "encrypted" in place with a simple bit flip. Encrypted files are renamed to have
`.m0nk3y` appended to their names.
This is a safe way to simulate encryption since it is easy to "decrypt" your files. You can simply perform a bit flip on the files again and rename them to remove the appended `.m0nk3y` extension.
This is sufficient for a ransomware simulation as your files are unusuable and are renamed with a different extension, similar to how many ransomwares act. These changes should trigger your security solutions.
## Which files are encrypted?
All regular files with [relevant extensions](#relevant-file-extensions-for-encryption) in the
@ -27,14 +37,6 @@ configured directory — only appropriate files in the top level of the tree.
Symlinks and shortcuts are ignored.
## How are the files encrypted?
Files are "encrypted" in place with a simple bit flip. Encrypted files are renamed to have
`.m0nk3y` appended to their names.
To "decrypt" your files, you can simply perform a bit flip on them again.
## Relevant file extensions for encryption
Encryption attempts are only performed on regular files with the following extensions.