The recent global IT outage, instigated by a problematic software update from CrowdStrike, has inadvertently opened the floodgates for cybercriminals. As organizations across the globe grapple with the fallout from this unprecedented disruption, malicious actors are seizing the opportunity to launch phishing campaigns and disseminate malware-laden links. These criminals are targeting individuals and businesses alike, luring them into clicking on contaminated links that masquerade as legitimate updates or solutions to CrowdStrike-related issues.
Massive outage touches every aspect of life
From airlines and banks to grocery stores and emergency services, virtually every organization reliant on Windows computers equipped with CrowdStrike Falcon is feeling the impact of this tech tsunami. In the midst of this chaos, criminals are attempting to exploit the situation by offering fake assistance, which often comes with a hidden agenda.
Homeland Security issues alert about threat actors after CrowdStrike Windows outage
The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) is closely monitoring this surge in online criminal activity, which presents a secondary threat to the American public. CISA has issued a statement urging vigilance: “CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. We recommend that organizations and individuals remain cautious and only follow instructions from verified sources. It is crucial to remind employees to avoid clicking on suspicious emails or links.”
The outages began at 1:20 a.m. ET on Friday, coinciding with CrowdStrike’s rollout of a flawed update to its Falcon security product. This led to widespread system failures, with screens freezing on the infamous “blue screen of death.”
How to protect against threat actors pretending to be CrowdStrike or Microsoft
- Avoid clicking links in any communication related to the CrowdStrike or Windows disruption.
- Be prepared for digital storms by investing in robust antivirus protection. This is essential for safeguarding against malicious links that could install malware and compromise your private information. Consider exploring the best antivirus solutions for 2024 to ensure your devices are protected.
- Utilize official sources for addressing security incidents like this one.
CrowdStrike’s CEO, George Kurtz, has acknowledged the severity of the situation, expressing regret for the disruption caused. In a recent statement, he emphasized the company’s commitment to assisting affected customers in restoring their systems and services.
How to recover from the ‘blue screen of death’ outage
In response to the widespread issues, CrowdStrike is working diligently to deploy a previous version of its Falcon software. For those experiencing difficulties with their Windows PCs or laptops, the company has outlined several workaround steps:
Workaround steps for individual hosts:
- Reboot the host to allow it to download the reverted channel file. If the host crashes again, proceed to the next step.
- Boot Windows into Safe Mode or the Windows Recovery Environment. Note: Connecting the host to a wired network instead of Wi-Fi and using Safe Mode with Networking may facilitate remediation.
- Navigate to the %WINDIR%System32driversCrowdStrike directory.
- Locate the file named “C-00000291*.sys” and delete it.
- Boot the host normally.
It is important to note that Bitlocker-encrypted hosts may require a recovery key for access.
Kurt’s key takeaways
Cybercriminals are quick to exploit technological disruptions, such as the recent CrowdStrike incident. This serves as a reminder to prioritize privacy and security by being proactive against potential attacks. Implementing strong antivirus protection across all devices is essential for safeguarding personal information and digital assets. Explore the 2024 review of the best antivirus solutions to find the right fit for your needs.
