Many businesses will take days or even weeks to recover from the effects of last Friday’s major global IT outage, which is being described as the worst in history.  

The incident has not been linked to a cyber-attack, and there is no evidence of cybercriminal involvement, say CrowdStrike. Despite this, events like these can lead to subsequent threats such as phishing and scams, highlighting the importance of mitigating any further cyber risks.  

Who are CrowdStrike?

  • CrowdStrike is a leading cybersecurity firm that focuses on endpoint protection, threat intelligence, and response to cyberattacks. They offer advanced solutions to detect, prevent, and address cyber threats using cloud-based technologies and artificial intelligence. Renowned for their expertise, CrowdStrike specialises in identifying and countering sophisticated cyber threats, including those from state-sponsored actors and organised cybercriminals.

How did we get to this point? 

Friday 19th July 2024 

Global disruption has ensued as mass IT outages are being reported worldwide, beginning in Australia. Reports indicate that Windows computers are restarting automatically and displaying the “blue screen of death”, rendering many Windows-specific devices inaccessible. According to CrowdStrike, macOS and Linux devices have not been affected by this issue.

As the issue spreads, many people across Europe begin to report the same problem on their Windows devices, followed by similar reports from the Middle East and eventually the US. Flights are grounded, trains halted, supermarket checkouts descend into chaos, and broadcast networks scramble to respond. Amid the widespread panic, one thing becomes clear: all the affected computers are running on CrowdStrike’s cybersecurity platform. 

CrowdStrike's Advice

  • CrowdStrike releases technical details about the outage and guidance on how to address its effects:
      a) Boot Windows into Safe Mode or the Recovery Environment
      b) Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
      c) Locate and delete the file matching "C-00000291*.sys"
      d) Boot the host normally
Read more here
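
The workaround steps above as a script, added here as an example and not taken from CrowdStrike's guidance or from this page: it records each matching file's name, size, timestamp and SHA-256 before deleting it, and only deletes when run with -Apply. It assumes the host is in Safe Mode with PowerShell 4 or later available; the parameter names and the log path are choices made for this example.

```powershell
# Added example, not CrowdStrike's own tooling. Run from an elevated PowerShell
# prompt after booting into Safe Mode (step a).
param(
    # Directory from step b; override if the Windows volume has another drive letter.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    # Log location is an assumption made for this example.
    [string]$LogPath = "$env:SystemDrive\channel-file-removal.csv",
    # Without -Apply the script only reports what it would delete.
    [switch]$Apply
)

$pattern = 'C-00000291*.sys'   # file pattern from step c

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Directory not found: $DriverDir (check the drive letter)"
    exit 2
}

# Step c, "locate": only files matching the pattern, hidden ones included.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No file matching $pattern in $DriverDir; nothing to do."
    exit 0
}

$records = foreach ($file in $targets) {
    # Capture evidence before the file is gone, for later incident review.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $action = 'dry-run'
    if ($Apply) {
        try {
            # Step c, "delete".
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $action = 'deleted'
        } catch {
            $action = "failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Path         = $file.FullName
        SizeBytes    = $file.Length
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        Sha256       = $hash
        Action       = $action
    }
}

$records | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Append
$records | Format-Table -AutoSize   # then reboot normally (step d)
```

Run it once without -Apply to review the matches, then again with -Apply; the CSV gives the IT team a per-host record of what was removed.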

20th July 2024 

In the early hours of the morning, CrowdStrike announced that they had identified the faulty channel file and were deploying a fix to prevent further devices being impacted. However, fully removing the problematic file on already-impacted systems might require a tech team to access the device directly, leading to an extensive recovery time due to the complexity of the task. 

Users affected by this outage on their work or personal devices have been urged to stay cautious of fraudulent emails and websites claiming to offer solutions, as many have been reported as malicious or fake. The CYFOR Secure team advises you to refer to official updates from CrowdStrike and to consult your IT administrator for assistance if issues continue to arise at work. 

What is the Blue Screen of Death?

  • The "Blue Screen of Death" (aka the BSOD) is a stop error screen displayed by Windows when it encounters a critical system error from which it cannot recover. It indicates that the operating system has crashed and provides information useful for diagnosing and troubleshooting the problem.

Should you have been affected by this, our team is on standby to provide advice and address your concerns. Contact our team here or call us on 0330 135 5756. 

Read the full report and guidance piece from CrowdStrike here.