Quantcast

methodshop

tech news, reviews & how to's

This article may contain affiliate links.

CrowdStrike Global Outage - Illustration of a server surrounded by flames and smoke with the CrowdStrike logo and name in the forefront, depicting a scenario where users might seek "What Happened" or "How to Recover" after a CrowdStrike Global Outage.
CrowdStrike Global Outage

The CrowdStrike Global Outage: What Happened and How to Recover

The CrowdStrike global outage: What caused it, its impact on customers, and how to recover.

cropped methodshop icon 1024x1024
PinLinkedIn
Reading Time: 3 minutes

On July 19, 2024, a single software update from cybersecurity giant CrowdStrike caused unprecedented global IT chaos. Here’s what happened, why it matters, and how to recover if you’re affected by the CrowdStrike global outage.

Table of Contents[Hide][Show]
  1. What is CrowdStrike?
  2. The Incident: What Happened?
  3. Impact: Who Was Affected?
  4. Root Cause Analysis
  5. Recovery Steps
  6. Lessons Learned
  7. FAQs

What is CrowdStrike?

CrowdStrike is a major technology company in the cybersecurity industry, known for its Falcon platform. Here’s what you need to know:

  • Core Product: The CrowdStrike Falcon platform is designed to stop breaches via a unified set of cloud-delivered technologies.
  • Market Share: According to Gartner, CrowdStrike accounts for 14% of the security software market by revenue.
  • Key Features: Falcon provides endpoint protection, threat intelligence, and cyberattack response services.

The CrowdStrike Global Outage: What Happened?

Blue Screen Of Death
The BSOD – blue screen of death

On July 19, 2024, CrowdStrike released a flawed Microsoft Windows software update that caused widespread system failures:

  1. The update was pushed to CrowdStrike’s Falcon monitoring product.
  2. Affected Windows computers entered a catastrophic reboot spiral, often displaying the “Blue Screen of Death.”
  3. Mac and Linux systems were not affected.

Impact: Who Was Affected?

The outage had far-reaching consequences across various sectors:

  • Air Travel: Major airlines grounded flights, causing massive disruptions.
  • Healthcare: Hospitals in multiple countries faced system outages.
  • Banking: Many financial institutions experienced service interruptions.
  • Media: Some TV stations, including Sky News in the UK, were unable to broadcast.
  • Emergency Services: 911 systems in the US reported issues.

Root Cause Analysis

CrowdStrike’s CEO, George Kurtz, provided insights into what went wrong:

  1. The issue stemmed from a single configuration file pushed as an update to Falcon.
  2. The update was aimed at changing how Falcon inspects “named pipes” in Windows.
  3. This change was intended to catch a new method hackers were using for malware communication.
  4. The configuration update triggered a logic error, resulting in operating system crashes.

It’s important to note that this was not a cyberattack, but rather a technical glitch in the update process.

Recovery Steps

If your systems are affected, follow these steps to recover:

  1. Boot Windows into Safe Mode or Windows Recovery Environment (WRE).
  2. Navigate to C:\Windows\System32\drivers\CrowdStrike
  3. Locate and delete the file matching “C-00000291*.sys”
  4. Reboot normally.

For large organizations, this process may need to be repeated manually for each affected system, which could take considerable time.

Lessons Learned From The CrowdStrike Global Computer Outage

A Group Of Five People In Business Attire Are Gathered Around A Laptop, Focusing Intently On The Screen In A Dimly Lit Office Setting, Trying To Determine What Happened During The Crowdstrike Global Outage.
Via Midjourney

The CrowdStrike global outage incident highlights several important points:

  1. Interconnectedness of IT Systems: A single update can have cascading effects across global infrastructure.
  2. Importance of Testing: Even well-established companies can release faulty updates, emphasizing the need for rigorous testing.
  3. Backup and Recovery Plans: Organizations need robust plans to quickly recover from unexpected outages.
  4. Balancing Security and Stability: While frequent updates are crucial for security, they also introduce risks.

CrowdStrike FAQs

Q: Why is CrowdStrike so popular?
A: CrowdStrike’s popularity stems from its advanced cloud-native platform that provides comprehensive protection against various cyber threats.

Q: Does the US government use CrowdStrike?
A: Yes, CrowdStrike has been involved in cybersecurity investigations for the US government, including tracking North Korean hackers.

Q: What company owns CrowdStrike?
A: CrowdStrike is a publicly traded company (NASDAQ: CRWD) and is not owned by any single entity or company.

Q: How long did the outage last?
A: The full duration varied, but many systems required manual intervention, which extended the recovery time for some organizations to days.

Q: Could this happen again?
A: While unlikely, the incident has prompted discussions about changing the model of pushing updates without IT intervention to prevent similar future occurrences.

The #CrowdStrike outage caused global IT chaos. Windows systems crashed worldwide, affecting airports, hospitals, and more. But what is CrowdStrike and what do they do? #CrowdStrikeOutage #Cybersecurity Share on X

You’ll also enjoy these posts

MOST POPULAR posts

MORE LIKE THIS

check out these trending posts

PinLinkedIn
Category: , , Tag: , ,

Reader Interactions

Leave a Reply