From 97bc0fd2051d0bdeca778bebd76fed875aae1b85 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 24 Jun 2021 14:41:38 +0530 Subject: [PATCH] docs: Add more information about the safety and sufficiency of the ransomware simulation --- docs/content/reference/ransomware.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/content/reference/ransomware.md b/docs/content/reference/ransomware.md index 7efe56e1a..6e6f614d7 100644 --- a/docs/content/reference/ransomware.md +++ b/docs/content/reference/ransomware.md @@ -16,6 +16,16 @@ If no directory is specified, no files will be encrypted. +## How are the files encrypted? + +Files are "encrypted" in place with a simple bit flip. Encrypted files are renamed to have +`.m0nk3y` appended to their names. + +This is a safe way to simulate encryption since it is easy to "decrypt" your files. You can simply perform a bit flip on the files again and rename them to remove the appended `.m0nk3y` extension. + +This is sufficient for a ransomware simulation as your files are unusuable and are renamed with a different extension, similar to how many ransomwares act. These changes should trigger your security solutions. + + ## Which files are encrypted? All regular files with [relevant extensions](#relevant-file-extensions-for-encryption) in the @@ -27,14 +37,6 @@ configured directory — only appropriate files in the top level of the tree. Symlinks and shortcuts are ignored. -## How are the files encrypted? - -Files are "encrypted" in place with a simple bit flip. Encrypted files are renamed to have -`.m0nk3y` appended to their names. - -To "decrypt" your files, you can simply perform a bit flip on them again. - - ## Relevant file extensions for encryption Encryption attempts are only performed on regular files with the following extensions.
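Review bot: In the added "How are the files encrypted?" section (first hunk), the sufficiency paragraph misspells "unusable" as "unusuable", and "similar to how many ransomwares act" would read better as "similar to how much ransomware behaves". The safety paragraph tells the reader to "perform a bit flip on the files again" but never says which bits are flipped or how to do it, so a user who has to restore files after a simulation has no concrete procedure to follow. Please state the exact transformation and the restore order (flip the bits back, then remove the appended `.m0nk3y` suffix). The two new paragraphs are also left as single long lines while the first paragraph of the section is hard-wrapped; wrap them the same way. The second hunk only removes the old copy of the section, so the heading text and its anchor are unchanged.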