Forum Discussion

Maneesh_72711

Cirrostratus

Oct 25, 2017

BAD RABBIT Ransomware

Any notifications or directives from F5 around the new ransom-ware BAD RABBIT ?

Cirrocumulus

Oct 26, 2017

I have not seen anything official from F5 yet.

If you are concerned about websites you run behind F5 ASM make sure you have Cross-Site-Scripting/Command Execution/SQL Injection and attack signatures enabled and ASM policies in blocking mode.

If you are concerned about your users getting infected then generic cyber hygiene rules apply (e.g. do not click on fake Flash Update links, don't allow users become Admin etc).

Bad Rabbit 'calls home' to specific servers which you can block, technical details are here:

https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)