The CrowdStrike Outage on Friday: How a Faulty Update Crashed Windows Systems Worldwide, and Why Recovery Will Be Slow
On Friday morning, some of the biggest airlines, TV broadcasters, banks, and other essential services came to a standstill as a massive outage rippled across the globe. The outage, which brought the Blue Screen of Death to legions of Windows machines, is linked to just one software company: CrowdStrike.
Researchers on Friday afternoon began warning that attackers are reserving domain names and starting to spin up websites and other infrastructure to run “CrowdStrike Support” scams targeting the company’s customers and anyone who might be impacted by the chaos. CrowdStrike’s own researchers also warned about the activity on Friday and published a list of domains seemingly registered to impersonate the company.
The faulty update appears to have pushed broken code into a component that runs at the core of the Windows operating system, causing affected machines to crash and get stuck in a boot loop. Systems are showing an error message that says, “It looks like Windows didn’t load correctly,” while giving users the option to try troubleshooting methods or restart the PC. At least one airline in India has fallen back to the old-fashioned method of doing things by hand.
“Our software is extremely interconnected and interdependent,” Lukasz Olejnik, an independent cybersecurity researcher, consultant, and author of the book Philosophy of Cybersecurity, tells The Verge. There are a lot of single points of failure, including software monoculture at an organization.
How Fast Can IT Teams Recover From the CrowdStrike Incident, and How Can Employees Be Forewarned?
CrowdStrike has published a fix, but getting things up and running won’t be easy. Olejnik tells The Verge that this issue could take “days to weeks” to resolve because IT administrators may need physical access to each affected device to get it working again. How fast that happens depends on the size and resources of a company’s IT team. “Some systems may be unrecoverable, but I assume most of them will be recovered,” says Olejnik.
CrowdStrike’s intelligence team has observed attackers sending fraudulent emails and making fake phone calls while posing as CrowdStrike staff, in order to trick people into handing over their credentials. Some attackers are also posing as researchers who claim to have special information vital to recovery, including the false claim that the outage is the result of a cyberattack, which it is not.
Attackers routinely exploit global events and region-specific crises to trick people into sending them money, giving up account credentials, or installing malicious software.
“Threat actors try to take advantage of any major event,” says Callow, a managing director in cybersecurity and data privacy communications. “Whenever an organization experiences an incident, it’s something customers and business partners should be prepared for.”
While most individuals are not personally responsible for addressing CrowdStrike-related computer outages, the incident is ripe for exploitation because some of the IT professionals working on remediation may be desperate for solutions. Individually booting and correcting each impacted computer is a potentially time-consuming and logistically difficult process, and the challenge may be particularly daunting for small-business owners without extensive IT expertise.
CrowdStrike emphasizes that customers should communicate only with legitimate company staff and trust only the company’s official communications.
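One concrete way to act on that guidance, shown here as an added example that is not part of the original article and is not CrowdStrike’s own tooling: a small Python screen that scans inbound-mail log lines for sender domains impersonating the CrowdStrike brand, covering the three patterns scammers lean on (the brand name inside an unrelated registrable domain, digit-for-letter homoglyphs, and one- or two-character typos). The log line format, the sample lines, and the choice of crowdstrike.com as the only official sender domain are assumptions made for this example; a real mail gateway will need its own regular expression and allow-list.

```python
import re
from typing import Iterable, List, Optional, Tuple

# The brand being protected and the domain legitimately allowed to carry it.
# Assumption for this example: crowdstrike.com is the only official sender
# domain; extend ALLOWED to match your actual vendor relationship.
BRAND = "crowdstrike"
ALLOWED = {"crowdstrike.com"}

# Constructed sample of inbound-mail log lines (not real log data). The
# "from=<...>" envelope-sender field and the overall layout are hypothetical.
SAMPLE_LOG = """\
2024-07-19T14:02:11Z inbound from=<alerts@crowdstrike.com> subject="Remediation steps"
2024-07-19T14:05:43Z inbound from=<support@crowdstrike-support.com> subject="URGENT fix"
2024-07-19T14:06:10Z inbound from=<help@crowdstrlke.com> subject="BSOD recovery tool"
2024-07-19T14:07:55Z inbound from=<noreply@payroll.example.net> subject="Timesheets"
2024-07-19T14:09:02Z inbound from=<it@cr0wdstrike.com> subject="Reset your password"
2024-07-19T14:11:30Z inbound from=<ops@crowdstrike.com.evil-host.example> subject="Patch"
"""

SENDER_RE = re.compile(r"from=<[^@>]+@([^>]+)>")

# Digit/symbol substitutions that pass a casual glance (0 for o, 1 for l, ...).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short labels, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str) -> Optional[str]:
    """Return a reason if the sender domain impersonates BRAND, else None."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    # Approximate the registrable domain as the last two labels. Official
    # subdomains such as mail.crowdstrike.com are accepted on that basis;
    # a trick like crowdstrike.com.evil-host.example is not.
    registrable = ".".join(labels[-2:])
    if registrable in ALLOWED:
        return None
    if BRAND in domain:
        return "brand string in non-official domain"
    for label in labels:
        normalized = label.translate(HOMOGLYPHS)
        if normalized == BRAND and label != BRAND:
            return f"homoglyph of {BRAND}"
        # Only compare labels of roughly brand length, so short words like
        # "net" or "mail" are never scored against the brand.
        if len(label) >= len(BRAND) - 2 and levenshtein(normalized, BRAND) <= 2:
            return f"within edit distance 2 of {BRAND}"
    return None


def flag_impersonation(log_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Scan log lines and return (domain, reason) for every suspicious sender."""
    hits = []
    for line in log_lines:
        m = SENDER_RE.search(line)
        if not m:
            continue
        reason = classify_domain(m.group(1))
        if reason:
            hits.append((m.group(1).lower(), reason))
    return hits


if __name__ == "__main__":
    for domain, reason in flag_impersonation(SAMPLE_LOG.splitlines()):
        print(f"{domain}: {reason}")
```

Run against the constructed sample, the screen passes the genuine crowdstrike.com sender and flags the other four: the hyphenated lookalike, the typo, the digit homoglyph, and the brand buried in a subdomain of an unrelated host. In production the same classifier belongs on both the envelope sender and any URLs in the body, and the allow-list should be fed from the vendor’s published official domains rather than hard-coded.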
CrowdStrike customers should take steps to defend themselves, and Callow says that a quick alert to employees outlining the potential risks will help. Forewarned is forearmed.