Merge branch '3575-update-ransomware-documentation' into develop

Issue #3575
PR #3586

docs/content/usage/ransomware-simulation.md

@@ -8,30 +8,28 @@ pre: "<i class='fa fa-lock'></i> "
 ---
 
 The Infection Monkey is capable of simulating a ransomware attack on your
-network using a set of configurable behaviors.
-
-
-## Encryption
-
-In order to simulate the behavior of ransomware as accurately as possible,
-the Infection Monkey can [encrypt user-specified files](#configuring-encryption)
-using a [fully reversible algorithm](#how-are-the-files-encrypted). A number of
-mechanisms are in place to ensure that all actions performed by the encryption
-routine are safe for production environments.
-
-### Preparing your environment for a ransomware simulation
-
-The Infection Monkey will only encrypt files that you allow it to. In
-order to take full advantage of the Infection Monkey's ransomware simulation, you'll
+network using a set of configurable behaviors. In order to simulate the
+behavior of ransomware as accurately as possible, the Infection Monkey can
+[encrypt user-specified files](#configuring-encryption) using a [fully
+reversible algorithm](#how-are-the-files-encrypted). A number of mechanisms are
+in place to ensure that all actions performed by the encryption routine are
+safe for production environments.
+
+## Workflow
+### 1. Prepare your environment for a ransomware simulation
+
+The Infection Monkey will only encrypt files that you allow it to. In order to
+take full advantage of the Infection Monkey's ransomware simulation, you'll
 need to provide the Infection Monkey with a directory that contains files that
-are safe for it to encrypt. The recommended approach is to use a remote
-administration tool, such as
+are safe for it to encrypt. The recommended approach is to use a configuration
+management tool, such as
 [Ansible](https://docs.ansible.com/ansible/latest/user_guide/) or
-[PsExec](https://theitbros.com/using-psexec-to-run-commands-remotely/) to add a
-"ransomware target" directory to each machine in your environment. The Infection
-Monkey can then be configured to encrypt files in this directory.
+[PsExec](https://theitbros.com/using-psexec-to-run-commands-remotely/), or even
+a Windows GPO, to add a "ransomware target" directory to each machine in your
+environment. The Infection Monkey can then be configured to encrypt files in
+this directory.
 
-### Configuring encryption
+### 2. Configure encryption
 
 To ensure minimum interference and easy recoverability, the ransomware
 simulation will only encrypt files contained in a user-specified directory. If
@@ -43,8 +41,33 @@ Monkey to use instead. You can even provide no file extension, but take
 caution: you'll no longer be able to tell if the file has been encrypted based
 on the filename alone!
 
-![Ransomware configuration](/images/island/configuration_page/ransomware_configuration.png "Ransomware configuration")
+![Ransomware
+configuration](/images/island/configuration_page/ransomware_configuration.png
+"Ransomware configuration")
+
+### 3. Configure propagation
+
+If you would like the Infection Monkey to propagate through the network,
+[Configure](/usage/configuration/) the network settings and one or more
+exploiters.
+
+### 4. Run the Agent
+
+Once everything is configured to your liking, simply [run the
+agent](/usage/getting-started#running-the-infection-monkey) to begin the
+ransomware simulation.
+
+### 5. Clean up
+
+After the simulation is complete, you can use the same mechanism you used in
+[step
+1](/usage/ransomware-simulation#1-prepare-your-environment-for-a-ransomware-simulation)
+to either remove the target directory or replace the encrypted files with
+unencrypted files. In most cases, there's no need to attempt to decrypt the
+files, as you should still have the originals.
+
 
+## Technical details
 ### How are the files encrypted?
 
 Files are "encrypted" in place with a simple bit flip. Encrypted files are
@@ -57,17 +80,16 @@ Flipping a file's bits is sufficient to simulate the encryption behavior of
 ransomware, as the data in your files has been manipulated (leaving them
 temporarily unusable). Files are then renamed with a new extension appended,
 which is similar to the way that many ransomwares behave. As this is a
-simulation, your
-security solutions should be triggered to notify you or prevent these changes
-from taking place.
+simulation, your security solutions should be triggered to notify you or
+prevent these changes from taking place.
 
 ### Which files are encrypted?
 
 During the ransomware simulation, attempts will be made to encrypt all regular
 files with [targeted file extensions](#files-targeted-for-encryption) in the
 configured directory. The simulation is not recursive, i.e. it will not touch
-any files in sub-directories of the configured directory. The Infection Monkey will
-not follow any symlinks or shortcuts.
+any files in sub-directories of the configured directory. The Infection Monkey
+will not follow any symlinks or shortcuts.
 
 These precautions are taken to prevent the Infection Monkey from accidentally
 encrypting files that you didn't intend to encrypt.
@@ -154,11 +176,11 @@ BitDefender](https://labs.bitdefender.com/2017/07/a-technical-look-into-the-gold
 - .zip
 
 
-## Leaving a README.txt file
+### Leaving a README.txt file
 
 Many ransomware packages leave a README.txt file on the victim machine with an
-explanation of what has occurred and instructions for paying the attacker.
-The Infection Monkey will also leave a README.txt file in the target directory on
+explanation of what has occurred and instructions for paying the attacker. The
+Infection Monkey will also leave a README.txt file in the target directory on
 the victim machine in order to replicate this behavior.
 
 The README.txt file informs the user that a ransomware simulation has taken