From 253f2668d0ffe9d83b61db49751ecb48c4806137 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Thu, 8 Jul 2021 20:49:55 +0200
Subject: [PATCH 01/11] Island: Add hidden widget to encryption and readme in ransomware
---
 .../ui/src/components/configuration-components/UiSchema.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
index 79dced094..374550cc0 100644
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
@@ -75,8 +75,13 @@ export default function UiSchema(props) {
 encryption: {
 directories: {
 // Directory inputs are dynamically hidden
+ },
+ enabled: {
+
+ 'ui:widget': 'hidden'
 }
- }
+ },
+ other_behaviors : {'ui:widget': 'hidden'}
 },
 internal: {
 general: {
From 69754205d04f614f0b958e3a4e7c8e6f3d19b759 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 9 Jul 2021 11:15:55 +0200
Subject: [PATCH 02/11] Island: Add condition for leaving readme
---
 monkey/infection_monkey/ransomware/ransomware_payload.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/ransomware/ransomware_payload.py b/monkey/infection_monkey/ransomware/ransomware_payload.py
index 8993ecab4..b973716a8 100644
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
@@ -61,7 +61,8 @@ class RansomwarePayload:
 file_list = self._find_files()
 self._encrypt_files(file_list)
- self._leave_readme()
+ if self._target_dir:
+ self._leave_readme()
 def _find_files(self) -> List[Path]:
 LOG.info(f"Collecting files in {self._target_dir}")
From 80050b89e650512b8916b096e967b553b3596f3b Mon Sep 17 00:00:00 2001
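Review bot: The two `'ui:widget': 'hidden'` entries in the UiSchema.js hunk take `encryption.enabled` and the whole `other_behaviors` group out of the form, so from here on the schema defaults and the target directory fields decide whether files are encrypted and a README is written, and nothing in the file says this is intended. A comment beside them would record it, e.g. `// Hidden on purpose: the payload is controlled by the target directory fields alone`. The added empty line inside `enabled: {` and the space before the colon in `other_behaviors : {` are also out of step with the neighbouring keys. `UiSchema` starts and ends outside the hunk, and the schema defaults are not visible here.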
From: Ilija Lazoroski
Date: Fri, 9 Jul 2021 11:23:22 +0200
Subject: [PATCH 03/11] Island: Add unit test leaving no readme if no target dir
---
 .../ransomware/test_ransomware_payload.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
index 8a08a4595..37af9509e 100644
--- a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
+++ b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
@@ -244,3 +244,16 @@ def test_readme_already_exists(
 ).run_payload()
 mock_copy_file.assert_not_called()
+
+
+def test_no_readme_if_no_directory(
+ build_ransomware_payload, ransomware_payload_config, ransomware_target
+):
+ ransomware_payload_config["encryption"]["enabled"] = True
+ ransomware_payload_config["encryption"]["directories"]["linux_target_dir"] = ""
+ ransomware_payload_config["encryption"]["directories"]["windows_target_dir"] = ""
+ ransomware_payload_config["other_behaviors"]["readme"] = True
+ ransomware_payload = build_ransomware_payload(ransomware_payload_config)
+
+ ransomware_payload.run_payload()
+ assert not Path(ransomware_target / README_DEST).exists()
From 8e22d2d1ae0e002ff1c4c9996c1f25f1b14592a5 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 9 Jul 2021 12:23:12 +0200
Subject: [PATCH 04/11] Island: Add readme note to the bottom of the page
---
 .../monkey_island/cc/services/config_schema/ransomware.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py
index 64b986acb..b8f7aef1f 100644
--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
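Review bot: The closing assertion of `test_no_readme_if_no_directory` looks at `ransomware_target / README_DEST`, but both target-directory options are set to `""`, so the payload is never pointed at `ransomware_target` and the assertion would still hold if a README were written somewhere else. Checking the copy operation itself is the stronger test: pass a mock copy function into the payload and finish with `mock_copy_file.assert_not_called()`, which is how the context lines of `test_readme_already_exists` end. A one-line docstring such as `"""No README is written when no target directory is configured."""` would also state the safety property under test. What `build_ransomware_payload` injects is not visible in this hunk.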
@@ -47,7 +47,14 @@ RANSOMWARE = {
 "files that you will allow Infection Monkey to encrypt. If no "
 "directory is specified, no files will be encrypted.",
 },
+ },
+
+ },
+ "readme_note": {
+ "title": "",
+ "type": "object",
+ "description": "A README.txt file will be left alongside the encrypted files.",
 },
 },
 },
From 0419e14a7a0f30ca1511f318776297aa383ff459 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 9 Jul 2021 12:23:12 +0200
Subject: [PATCH 05/11] Island: Add readme note to the bottom of the page
---
 monkey/monkey_island/cc/services/config_schema/ransomware.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py
index 64b986acb..04b1ec118 100644
--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
@@ -49,6 +49,11 @@ RANSOMWARE = {
 },
 },
 },
+ "readme_note": {
+ "title": "",
+ "type": "object",
+ "description": "A README.txt file will be left alongside the encrypted files.",
+ },
 },
 },
 "other_behaviors": {
From cd2d08d2667d5217e94470c0bdf6cb490d853259 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 9 Jul 2021 13:45:54 +0200
Subject: [PATCH 06/11] Island: Improve wording on readme.txt note
---
 monkey/monkey_island/cc/services/config_schema/ransomware.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py
index 04b1ec118..21f5d61f6 100644
--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
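Review bot: The added lines of the PATCH 04/11 hunk open one brace (`"readme_note": {`) but close two (`},` twice, with an empty line between them), so if `ransomware.py` was balanced before, the `RANSOMWARE` literal no longer parses after this patch. PATCH 05/11, built on the same base blob `64b986acb`, adds `readme_note` with a single matching `},` and looks like the intended form; dropping the extra `},` and the empty line here gives the same result. In both hunks `readme_note` is an `"object"` with an empty title and no properties, used only to show text, which a comment such as `# Display-only note; carries no configuration value` would make clear. The dict starts and ends outside the hunk, so the balance is judged from the visible lines only.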
@@ -52,7 +52,8 @@ RANSOMWARE = {
 "readme_note": {
 "title": "",
 "type": "object",
- "description": "A README.txt file will be left alongside the encrypted files.",
+ "description": "Note: README.txt will be left in the target directory specified"
+ " for encryption.",
 },
 },
 },
From 947ecb330c5361dc3d9c996e02eb4a5c0330fea4 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 9 Jul 2021 14:33:43 +0200
Subject: [PATCH 07/11] Island: Add different aproach to check for readme
---
 .../ransomware/ransomware_payload.py | 10 ++++++----
 .../ransomware/test_ransomware_payload.py | 13 +++++++++----
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/monkey/infection_monkey/ransomware/ransomware_payload.py b/monkey/infection_monkey/ransomware/ransomware_payload.py
index b973716a8..327f3b581 100644
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
@@ -56,12 +56,16 @@ class RansomwarePayload:
 return None
 def run_payload(self):
+ if not self._target_dir:
+ return
+
+ LOG.info("Running ransomware payload")
+
 if self._encryption_enabled and self._target_dir:
- LOG.info("Running ransomware payload")
 file_list = self._find_files()
 self._encrypt_files(file_list)
- if self._target_dir:
+ if self._readme_enabled:
 self._leave_readme()
 def _find_files(self) -> List[Path]:
@@ -93,8 +97,6 @@ class RansomwarePayload:
 self._telemetry_messenger.send_telemetry(encryption_attempt)
 def _leave_readme(self):
- if not self._readme_enabled:
- return
 readme_dest_path = self._target_dir / README_DEST
diff --git a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
index 37af9509e..3c911927c 100644
--- a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
+++ b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
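Review bot: The new early return at the top of `run_payload` exits without logging anything when `_target_dir` is unset, so a run that deliberately did nothing cannot be told apart in the agent log from one that never reached the payload. Because the empty target directory is what keeps the payload away from any files, the skip is worth recording, e.g. `LOG.debug("No target directory configured; skipping ransomware payload")` before the `return`. The same hunk appears again in PATCH 08/11. `run_payload` is complete in the hunk, but the class continues outside it.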
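Review bot: With the `_readme_enabled` guard removed, `_leave_readme` relies on its caller to have checked both `_readme_enabled` and `_target_dir`, and its first remaining statement, `self._target_dir / README_DEST`, presumably fails if `_target_dir` is unset. The method has no docstring stating that precondition; something like `"""Copy the README into the target directory. Callers must ensure a target directory is set and the README is enabled."""` would keep a later direct call from bypassing the checks. The method body continues outside the hunk, and the same hunk recurs in PATCH 08/11.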
@@ -247,13 +247,18 @@ def test_readme_already_exists(
 def test_no_readme_if_no_directory(
- build_ransomware_payload, ransomware_payload_config, ransomware_target
+ monkeypatch, ransomware_payload_config, telemetry_messenger_spy, ransomware_target
 ):
+ monkeypatch.setattr(ransomware_payload_module, "TARGETED_FILE_EXTENSIONS", set()),
+ mock_copy_file = MagicMock()
+
 ransomware_payload_config["encryption"]["enabled"] = True
 ransomware_payload_config["encryption"]["directories"]["linux_target_dir"] = ""
 ransomware_payload_config["encryption"]["directories"]["windows_target_dir"] = ""
 ransomware_payload_config["other_behaviors"]["readme"] = True
- ransomware_payload = build_ransomware_payload(ransomware_payload_config)
- ransomware_payload.run_payload()
- assert not Path(ransomware_target / README_DEST).exists()
+ RansomwarePayload(
+ ransomware_payload_config, telemetry_messenger_spy, mock_copy_file
+ ).run_payload()
+
+ mock_copy_file.assert_not_called()
From 31a33a70cd1e2744e1db62d12b1f181592cf9053 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 9 Jul 2021 14:33:43 +0200
Subject: [PATCH 08/11] Island: Add different aproach to check for readme
---
 .../ransomware/ransomware_payload.py | 10 ++++++----
 .../components/configuration-components/UiSchema.js | 7 ++-----
 .../ransomware/test_ransomware_payload.py | 13 +++++++++----
 3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/monkey/infection_monkey/ransomware/ransomware_payload.py b/monkey/infection_monkey/ransomware/ransomware_payload.py
index b973716a8..327f3b581 100644
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
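Review bot: The added `monkeypatch.setattr(ransomware_payload_module, "TARGETED_FILE_EXTENSIONS", set()),` ends with a stray comma, which turns the statement into a one-element tuple expression; it still runs, but it reads like a leftover and should be `monkeypatch.setattr(ransomware_payload_module, "TARGETED_FILE_EXTENSIONS", set())`. The `ransomware_target` fixture is still requested in the signature but no longer referenced in the body, so unless it is needed for its side effects it can be dropped. The same hunk recurs in PATCH 08/11.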
@@ -56,12 +56,16 @@ class RansomwarePayload:
 return None
 def run_payload(self):
+ if not self._target_dir:
+ return
+
+ LOG.info("Running ransomware payload")
+
 if self._encryption_enabled and self._target_dir:
- LOG.info("Running ransomware payload")
 file_list = self._find_files()
 self._encrypt_files(file_list)
- if self._target_dir:
+ if self._readme_enabled:
 self._leave_readme()
 def _find_files(self) -> List[Path]:
@@ -93,8 +97,6 @@ class RansomwarePayload:
 self._telemetry_messenger.send_telemetry(encryption_attempt)
 def _leave_readme(self):
- if not self._readme_enabled:
- return
 readme_dest_path = self._target_dir / README_DEST
diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
index 374550cc0..9039ca36f 100644
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
@@ -76,12 +76,9 @@ export default function UiSchema(props) {
 directories: {
 // Directory inputs are dynamically hidden
 },
- enabled: {
-
- 'ui:widget': 'hidden'
- }
+ enabled: {'ui:widget': 'hidden'}
 },
- other_behaviors : {'ui:widget': 'hidden'}
+ other_behaviors : {'ui:widget': 'hidden'}
 },
 internal: {
 general: {
diff --git a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
index 37af9509e..3c911927c 100644
--- a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
+++ b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
@@ -247,13 +247,18 @@ def test_readme_already_exists(
 def test_no_readme_if_no_directory(
- build_ransomware_payload, ransomware_payload_config, ransomware_target
+ monkeypatch, ransomware_payload_config, telemetry_messenger_spy, ransomware_target
 ):
+ monkeypatch.setattr(ransomware_payload_module, "TARGETED_FILE_EXTENSIONS", set()),
+ mock_copy_file = MagicMock()
+
 ransomware_payload_config["encryption"]["enabled"] = True
 ransomware_payload_config["encryption"]["directories"]["linux_target_dir"] = ""
 ransomware_payload_config["encryption"]["directories"]["windows_target_dir"] = ""
 ransomware_payload_config["other_behaviors"]["readme"] = True
- ransomware_payload = build_ransomware_payload(ransomware_payload_config)
- ransomware_payload.run_payload()
- assert not Path(ransomware_target / README_DEST).exists()
+ RansomwarePayload(
+ ransomware_payload_config, telemetry_messenger_spy, mock_copy_file
+ ).run_payload()
+
+ mock_copy_file.assert_not_called()
From d108812e263e7e9e18db7cae4146e5ec876bd433 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Fri, 9 Jul 2021 14:49:00 -0400
Subject: [PATCH 09/11] Agent: Remove redundant condition from RansomwarePayload.run_payload()
---
 monkey/infection_monkey/ransomware/ransomware_payload.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/ransomware/ransomware_payload.py b/monkey/infection_monkey/ransomware/ransomware_payload.py
index 327f3b581..9324542ad 100644
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
@@ -61,7 +61,7 @@ class RansomwarePayload:
 LOG.info("Running ransomware payload")
- if self._encryption_enabled and self._target_dir:
+ if self._encryption_enabled:
 file_list = self._find_files()
 self._encrypt_files(file_list)
From a119855d84146ca28c794fb9ed4794fed7477316 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Fri, 9 Jul 2021 14:53:34 -0400
Subject: [PATCH 10/11] Tests: Remove unnecessary option from test_no_readme_if_no_directory
---
 .../infection_monkey/ransomware/test_ransomware_payload.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
index 3c911927c..2db9ecb4a 100644
--- a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
+++ b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
@@ -252,7 +252,6 @@ def test_no_readme_if_no_directory(
 monkeypatch.setattr(ransomware_payload_module, "TARGETED_FILE_EXTENSIONS", set()),
 mock_copy_file = MagicMock()
- ransomware_payload_config["encryption"]["enabled"] = True
 ransomware_payload_config["encryption"]["directories"]["linux_target_dir"] = ""
 ransomware_payload_config["encryption"]["directories"]["windows_target_dir"] = ""
 ransomware_payload_config["other_behaviors"]["readme"] = True
From eb36869e710fece24cf16fecdf626b0afd1e9aae Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Fri, 9 Jul 2021 14:51:31 -0400
Subject: [PATCH 11/11] Island: Minor wording change to readme_note description
---
 monkey/monkey_island/cc/services/config_schema/ransomware.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py
index 21f5d61f6..245044043 100644
--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
@@ -52,8 +52,8 @@ RANSOMWARE = {
 "readme_note": {
 "title": "",
 "type": "object",
- "description": "Note: README.txt will be left in the target directory specified"
- " for encryption.",
+ "description": "Note: A README.txt will be left in the specified target "
+ "directory.",
 },
 },
 },