For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Oct 25, 2017

BAD RABBIT Ransomware

Any notifications or directives from F5 around the new ransom-ware BAD RABBIT ?

application delivery

ASM Advanced WAF

1 Reply

samstep
Cirrocumulus
Oct 26, 2017
I have not seen anything official from F5 yet.

If you are concerned about websites you run behind F5 ASM make sure you have Cross-Site-Scripting/Command Execution/SQL Injection and attack signatures enabled and ASM policies in blocking mode.

If you are concerned about your users getting infected then generic cyber hygiene rules apply (e.g. do not click on fake Flash Update links, don't allow users become Admin etc).

Bad Rabbit 'calls home' to specific servers which you can block, technical details are here:

https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5