forked from p34709852/monkey
docs: Modify ransomware page and add screenshot of ransomware config
This commit is contained in:
parent
42f14e25c1
commit
4e95721f88
|
@ -10,26 +10,6 @@ pre: "<i class='fa fa-lock'></i>"
|
||||||
The Infection Monkey is capable of simulating a ransomware attack on your
|
The Infection Monkey is capable of simulating a ransomware attack on your
|
||||||
network using a set of configurable behaviors.
|
network using a set of configurable behaviors.
|
||||||
|
|
||||||
## Leaving a README.txt file
|
|
||||||
|
|
||||||
Many ransomware packages leave a README.txt file on the victim machine with an
|
|
||||||
explanation of what has occurred and instructions for paying the attacker.
|
|
||||||
The Infection Monkey can also leave a README.txt file in the target directory on
|
|
||||||
the victim machine in order to replicate this behavior. This can be enabled or
|
|
||||||
disabled by checking the box on the configuration screen. Note that if no
|
|
||||||
target directory is specified for encryption, the Infection Monkey will not
|
|
||||||
leave a README.txt file.
|
|
||||||
|
|
||||||
<!-- add screenshot highlighting readme option -->
|
|
||||||
|
|
||||||
The README.txt file informs the user that a ransomware simulation has taken
|
|
||||||
place and that they should contact their administrator. The contents of the
|
|
||||||
file can be found
|
|
||||||
[here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt).
|
|
||||||
|
|
||||||
|
|
||||||
<!-- add config screenshot here -->
|
|
||||||
|
|
||||||
|
|
||||||
## Encryption
|
## Encryption
|
||||||
|
|
||||||
|
@ -57,7 +37,7 @@ To ensure minimum interference and easy recoverability, the ransomware
|
||||||
simulation will only encrypt files contained in a user-specified directory. If
|
simulation will only encrypt files contained in a user-specified directory. If
|
||||||
no directory is specified, no files will be encrypted.
|
no directory is specified, no files will be encrypted.
|
||||||
|
|
||||||
<!-- add screenshot highlighting encryption options -->
|
![Ransomware configuration](/images/usage/scenarios/ransomware-config.png "Ransomware configuration")
|
||||||
|
|
||||||
### How are the files encrypted?
|
### How are the files encrypted?
|
||||||
|
|
||||||
|
@ -166,3 +146,16 @@ BitDefender](https://labs.bitdefender.com/2017/07/a-technical-look-into-the-gold
|
||||||
- .xlsx
|
- .xlsx
|
||||||
- .xvd
|
- .xvd
|
||||||
- .zip
|
- .zip
|
||||||
|
|
||||||
|
|
||||||
|
## Leaving a README.txt file
|
||||||
|
|
||||||
|
Many ransomware packages leave a README.txt file on the victim machine with an
|
||||||
|
explanation of what has occurred and instructions for paying the attacker.
|
||||||
|
The Infection Monkey will also leave a README.txt file in the target directory on
|
||||||
|
the victim machine in order to replicate this behavior.
|
||||||
|
|
||||||
|
The README.txt file informs the user that a ransomware simulation has taken
|
||||||
|
place and that they should contact their administrator. The contents of the
|
||||||
|
file can be found
|
||||||
|
[here](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/ransomware/ransomware_readme.txt).
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 136 KiB |
Loading…
Reference in New Issue