VakarisZ
b7c8006f94
Add readme to ransomware section of configuration schema
2021-06-28 14:43:51 +03:00
Mike Salvatore
33a6e72df5
Merge pull request #1265 from guardicore/ransomware-encryption-documentation
...
Add documentation for ransomware
2021-06-27 17:32:14 -04:00
Mike Salvatore
3d403a92e8
agent: Fix incorrect config in ransomware payload
2021-06-25 10:21:08 -04:00
Mike Salvatore
1294e38f6e
Merge pull request #1259 from guardicore/ransomware-telemetry
...
Ransomware telemetry
2021-06-25 10:16:42 -04:00
Shreya
954cc469cf
docs: Reword paragaraph about why ransomware simulation is sufficient
2021-06-25 19:07:32 +05:30
Mike Salvatore
76cf8a1bb4
agent: Wrap ransomware payload build/run in run_ransomware()
2021-06-25 09:19:15 -04:00
Shreya
61d95f52e1
docs: Reword the paragraph describing why the ransomware simulation is good enough
2021-06-25 16:37:50 +05:30
Shreya
32026f64a4
docs: Change "relevant extensions" to "targeted extensions" in ransomware docs
2021-06-25 16:27:35 +05:30
Shreya
f77d0c28c2
docs: Add note about why ransomware encryption is not recursive and ignores shortcuts and symlinks
2021-06-25 16:22:59 +05:30
Shreya Malviya
3ddde83b5c
docs: Reword ransomware introductory description
...
Add "only" to clarify that encryption will only take place if a directory is specified.
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-06-25 16:00:49 +05:30
Mike Salvatore
6773f695ba
agent: Use ITelem in send_telemetry() typehint
2021-06-24 15:57:10 -04:00
Mike Salvatore
7b9c39edc6
Remove RansomwareTelem from vulture_allowlist
2021-06-24 15:55:17 -04:00
Mike Salvatore
76da583420
agent: Send telemetry from ransomware payload
2021-06-24 15:49:19 -04:00
Mike Salvatore
21525be192
agent: Use ITelem in ITelemetryMessenger.send() typehint
2021-06-24 13:55:09 -04:00
Mike Salvatore
46da0b7b1f
agent: Add ITelem interface
...
Create a telemetry interface that sits above the BaseTelem abstract
class to allow telemetries to be extended without inheritance.
2021-06-24 12:07:14 -04:00
Mike Salvatore
77e3c8a257
agent: Add telemetry messenger interface
...
The telemetry classes have too many responsibilities. At the moment, one
such responsibility is to send themselves to the island. As our plugin
interfaces develop, the need may arise to send telemetry using different
mechanisms. To isolate the RansomwarePayload from these changes, the
ITelemetryMessenger interface is introduced in this commit. It provides
a send_telemetry() method that handles the specific details of how
telemetry is sent to the Island.
At the present time, the TelemetryMessengerWrapper class is introduced
to handle sending telemetry. It simply wraps the existing send() method
on the telemetry class.
2021-06-24 10:26:00 -04:00
Shreya
cec8341b17
tests: Add unit tests for ransomware telem
2021-06-24 10:26:00 -04:00
Shreya
29bd48f703
telem: Add ransomware telemetry
2021-06-24 10:26:00 -04:00
Shreya
d600aa7208
telem: Add telem category for ransomware
2021-06-24 10:26:00 -04:00
Mike Salvatore
6744ee71fc
Merge pull request #1264 from guardicore/ransomware-bitflip-encryption
...
Ransomware bitflip encryption
2021-06-24 08:24:52 -04:00
Mike Salvatore
ef209a693c
agent: Remove second file from test_file_encrypted_in_place()
2021-06-24 07:00:44 -04:00
Mike Salvatore
f1e592380b
agent: Rename test_file_with_included_extension_encrypted
2021-06-24 07:00:06 -04:00
Shreya
97bc0fd205
docs: Add more information about the safety and sufficiency of the ransomware simulation
2021-06-24 14:41:38 +05:30
Shreya
91c3a6cb0d
docs: Reword some content on the ransomware page
2021-06-24 13:19:39 +05:30
Mike Salvatore
70480c7011
agent: Rename RansomwareBitflipEncryptor -> BitflipEncryptor
2021-06-23 11:05:34 -04:00
Mike Salvatore
1929ea7dae
agent: Add file_selectors.select_production_safe_target_files()
2021-06-23 11:01:58 -04:00
Mike Salvatore
97cf198965
agent: Narrow the responsibilities of RansomwareBitflipEncryptor
2021-06-23 10:50:14 -04:00
Shreya
da204416e6
docs: Add reference page for ransomware
2021-06-23 19:45:43 +05:30
Mike Salvatore
2ea5dc6ac7
tests: Add missing test_lib.dll
...
The .gitignore file prevents dlls from being added to git. Since this
isn't a real dll, but is only used for testing, we can add it anyway.
2021-06-23 09:57:27 -04:00
Mike Salvatore
9165737389
agent: Use larger chunk size in RansomwarePayload
...
The larger chunk size improves efficiency by reducing the number of
reads.
2021-06-23 09:42:12 -04:00
Mike Salvatore
ae0dfec3cc
agent: Return results from RansomwareBitflipEncryptor.encrypt_files()
2021-06-23 09:37:33 -04:00
Mike Salvatore
f1a365def2
agent: Add unit test for RansomwareBitflipEncryptor
2021-06-23 09:19:46 -04:00
Mike Salvatore
707b40608a
tests: Extract ransomware target files to ransomware_target_files.py
2021-06-23 09:08:36 -04:00
Mike Salvatore
d99811f83f
tests: Move ransomware_target() fixture to ransomware/conftest.py
2021-06-23 09:04:24 -04:00
Mike Salvatore
45ba743418
tests: Move hash_file() into tests/utils.py
2021-06-23 09:01:42 -04:00
Mike Salvatore
ab40518881
agent: Extract bitflip encryption into its own class
2021-06-23 08:56:12 -04:00
Mike Salvatore
2c97d04673
Agent: Don't run ransomware payload if no directory was specified
2021-06-23 08:34:09 -04:00
Mike Salvatore
7149e112b0
agent: Remove dirs_exist_ok from shutil.copytree() call
...
The dirs_exist_ok parameter of shutil.copytree() was introduced in
Python 3.8. Since the agent uses python3.7 in order to be more
compatible with older systems, we can't use this parameter.
2021-06-23 08:14:34 -04:00
Mike Salvatore
6307606010
Remove get_files_to_encrypt from Vulture's allow list
2021-06-23 07:14:57 -04:00
Mike Salvatore
297adcf015
agent: Don't redefine EXTENSION in ransomware tests
2021-06-23 07:10:55 -04:00
Mike Salvatore
447138c079
agent: Rename RansomewarePayload.target_dir -> _target_dir
2021-06-23 06:57:31 -04:00
Mike Salvatore
cef3bd618d
agent: Test that ransomware payload does not encrypt recursively
2021-06-23 06:57:31 -04:00
Mike Salvatore
2dd75d7d0c
agent: Rename files encrypted by ransomware with .m0nk3y extension
2021-06-23 06:57:31 -04:00
Mike Salvatore
1ff348d2fc
agent: Add in-place, bitflip encryption to RansomwarePayload
2021-06-23 06:57:31 -04:00
Mike Salvatore
3edaffa922
agent: Add utility functions for flipping bits
2021-06-23 06:57:31 -04:00
Mike Salvatore
2b1ba994a4
agent: Remove errant "f" in format string
2021-06-23 06:55:35 -04:00
Mike Salvatore
8226512340
Merge pull request #1263 from guardicore/ransomware-ignore-links
...
Ransomware ignore links
2021-06-23 06:41:47 -04:00
Mike Salvatore
b35670eadb
Merge branch 'ransomware-iterate-files' into develop
2021-06-23 06:41:07 -04:00
VakarisZ
f5ebd2d39a
Fix a bug of incorrect access to ransomware config options in ransomware_payload.py
2021-06-23 11:48:24 +03:00
Mike Salvatore
2549f088d1
agent: Do not encrypt Windows shortcuts in ransomware simulation
...
In order to keep Infection Monkey safe for production environments, the
ransomware payload will explicitly ignore Windows shortcuts to prevent
important files from accidentally getting encrypted.
2021-06-22 15:27:48 -04:00