Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Oct 25, 2017

BAD RABBIT Ransomware

Any notifications or directives from F5 around the new ransom-ware BAD RABBIT ?

1 Reply

samstep
Cirrocumulus
Oct 26, 2017
I have not seen anything official from F5 yet.

If you are concerned about websites you run behind F5 ASM make sure you have Cross-Site-Scripting/Command Execution/SQL Injection and attack signatures enabled and ASM policies in blocking mode.

If you are concerned about your users getting infected then generic cyber hygiene rules apply (e.g. do not click on fake Flash Update links, don't allow users become Admin etc).

Bad Rabbit 'calls home' to specific servers which you can block, technical details are here:

https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

Jonathan - March 2026 Featured Member

DevCentral News

featured member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

DevCentral News

2026 F5 DevCentral MVP Announcement

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5