CrowdStrike Outage
Significant Number of Devices Restored After Global IT Outage, Says CrowdStrike
Microsoft has been actively involved in the recovery efforts
In the wake of one of the most extensive IT outages in history, cybersecurity firm CrowdStrike announced that a "significant number" of the 8.5 million Microsoft devices affected by the incident are now back online. The outage, which began on Friday, was triggered by a faulty security update from CrowdStrike, causing widespread disruption across various sectors globally.
The flawed update, which was part of CrowdStrike's Falcon endpoint protection service, led to Windows devices crashing and displaying the notorious Blue Screen of Death (BSOD). This incident has highlighted the vulnerability of global computer networks, with businesses, banks, hospitals, and airlines among the worst-hit sectors.
"We understand the profound impact this has had on everyone. We know our customers, partners, and their IT teams are working tirelessly, and we're profoundly grateful," CrowdStrike said in a social media post. "We apologize for the disruption this has created."
Despite the progress, CrowdStrike did not specify how many devices remain affected. The company continues to focus on restoring all impacted systems, a process that is proving to be laborious and time-consuming. According to security expert Kevin Beaumont, system administrators must manually access each affected device, initiate safe mode, and remove the problematic file—a task further complicated for organizations with encrypted drives.
The severity of the situation is underscored by the fact that servers holding data crucial to system restoration are themselves continuously crashing and rebooting. Security analyst Troy Hunt has described the incident as potentially the most extensive IT outage in history, emphasizing the gravity of the situation.
Microsoft has been actively involved in the recovery efforts, deploying hundreds of engineers and experts to work directly with customers. The software giant is also collaborating with other cloud providers, including Google Cloud and Amazon Web Services, to share awareness and inform ongoing conversations with CrowdStrike and affected customers.
"We recognize the disruption this problem has caused for businesses and in the daily routines of many individuals," Microsoft said in a blog post. "Our focus is providing customers with technical guidance and support to safely bring disrupted systems back online."
The impact of the outage has been far-reaching. More than 1,400 flights into or out of the US were canceled on Sunday, with Delta and United Airlines being the worst affected. Health services in Britain, Israel, and Germany also experienced significant disruptions, leading to the cancellation of some services.
In Asia-Pacific, notable organizations such as Malaysia’s AirAsia, Australia’s Coles and Woolworths, India’s PhonePe and Tata Starbucks, and Airports of Thailand were among those affected.
In response to the outage, national cybersecurity agencies have issued warnings about an increase in related scams. Australia's National Cyber Security Coordinator, Michelle McGuinness, reported a rise in scam attempts exploiting the recovery efforts. "As systems are being restored, I urge Australian businesses and members of the community to be vigilant. Do not engage with suspicious websites, emails, texts, and phone calls," she said.
Similarly, Singapore’s Cyber Security Agency warned of an ongoing phishing campaign targeting CrowdStrike users. Threat actors are leveraging the outage as a "lure theme" to send phishing emails posing as CrowdStrike support and to impersonate CrowdStrike staff in phone calls. These emails may also claim to come from independent researchers offering remediation insights.
CrowdStrike has been working with customers to test a new technique to speed up the remediation of impacted systems and is in the process of operationalizing an opt-in to this technique. "We’re making progress by the minute," the company stated.
As the recovery process continues, the incident serves as a stark reminder of the critical importance of robust cybersecurity measures and the potential for a single glitch to cause global chaos.