Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Oct 25, 2017

BAD RABBIT Ransomware

Any notifications or directives from F5 around the new ransom-ware BAD RABBIT ?

application delivery

ASM Advanced WAF

samstep
Cirrocumulus
Oct 26, 2017
I have not seen anything official from F5 yet.

If you are concerned about websites you run behind F5 ASM make sure you have Cross-Site-Scripting/Command Execution/SQL Injection and attack signatures enabled and ASM policies in blocking mode.

If you are concerned about your users getting infected then generic cyber hygiene rules apply (e.g. do not click on fake Flash Update links, don't allow users become Admin etc).

Bad Rabbit 'calls home' to specific servers which you can block, technical details are here:

https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming