BAD RABBIT Ransomware

Question

Any notifications or directives from F5 around the new ransom-ware BAD RABBIT ?&nbsp;

samstep · Answer

I have not seen anything official from F5 yet.&nbsp;
If you are concerned about websites you run behind F5 ASM make sure you have Cross-Site-Scripting/Command Execution/SQL Injection and attack signatures enabled and ASM policies in blocking mode.&nbsp;
If you are concerned about your users getting infected then generic cyber hygiene rules apply (e.g. do not click on fake Flash Update links, don't allow users become Admin etc). &nbsp;
Bad Rabbit 'calls home' to specific servers which you can block, technical details are here:&nbsp;
https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/&nbsp;

Forum Discussion

BAD RABBIT Ransomware

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Chameleon Malware, Ransomware Decryption Tool Dec 18-24, 2023 - F5 SIRT - This Week in Security

Log-in attacks, Ransomware gangs, Autohack with LLMs-Feb 18-24, 2024- F5 SIRT- This Week in Security

502 Bad Gateway Error

Ransomware, OpenSSH, AI and Trust, Google Geofence Dec 10-17, 2023 - F5 SIRT - This Week in Security

Top 5 Mind Blowing Stats About Ransomware