Cyber Security News

Major IT Outages - Not the Result of a Cyber Attack


Significant IT disruptions are impacting various industries globally, including airlines, public transport, emergency services, hospitals, TV broadcasters, cargo terminals, and supermarkets. Windows PCs on Friday started showing a “blue screen of death” error. Microsoft has taken steps to address the ongoing effects of the disruption by implementing "mitigation action." 

Content Update: Not a Cyber Attack   

Crowdstrike says the global IT issues were caused by a 'defect' in a 'content update'. The company's CEO, George Kurtz, issued this statement:

"Crowdstrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.

"Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.

"The issue has been identified, isolated and a fix has been deployed.

"We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.

"We further recommend organisations ensure they’re communicating with Crowdstrike representatives through official channels.

"Our team is fully mobilised to ensure the security and stability of Crowdstrike customers."

The initial alarms were raised by Australian businesses, such as Woolworths and 7-Eleven, signaling operational disruptions. Sydney airport also reported being impacted by a widespread technical outage affecting its services.

Australia's National Cyber Security Coordinator labeled it as a "significant technical disruption" and clarified that there was no evidence indicating it was a deliberate attack.

Major US Airlines Grounded

Major US airlines including American Airlines, Delta Airlines and United Airlines have been grounded, while airports across the world are also reporting issues. More than 1,000 flights have been cancelled globally today so far, according to aviation analytics firm Cirium. 

American Airlines, which is the world's biggest by passenger numbers, told the BBC the IT problems were because of a "technical issue with Crowdstrike that is impacting multiple carriers." Crowdstrike shares fell 20% in U.S. premarket trading on Friday morning. 

Outside the aviation industry, organizations across all industries have been affected by the outage.

  • The organizing committee for the Paris Olympics says its IT operations have been impacted
  • In the US state of Alaska, police warned the 911 system may be unavailable 
  • In Poland, the Baltic Hub terminal asks ships not to send their containers there
  • In the UK, rail companies are "experiencing widespread IT issues" and warning of delays
  • Two hospitals in Germany have cancelled operations scheduled for Friday

Technical Workaround

A leading Information Security Officer, John Wallworth, provided a technical workaround on LinkedIn, revealing the latest advice from Crowdstrike:

We've all had days like today at some point. If you're unaffected, don't mock, support each other. Latest workaround from Crowdstrike:

1. Boot Windows into Safe Mode or WRE.

2. Go to C:\Windows\System32\drivers\CrowdStrike

3. Locate and delete file matching "C-00000291*.sys"

4. Boot normally.