Spread the love

CrowdStrike Outage: Major Global Disruption in IT Services for Airlines, Hospitals, and Banks

The recent global IT outage has been traced back to a bug in CrowdStrike’s «Falcon Sensor» software, according to George Kurtz, CEO of the US cybersecurity company. While a fix has been deployed, full recovery is expected to take time.

Source and Impact of the Outage

The issue originated from a bug in CrowdStrike’s antivirus software, Falcon Sensor, which is designed to protect Microsoft Windows devices from malicious attacks. This bug caused Windows systems to crash and display a blue screen (BSOD). A manual workaround alert was issued to clients early Friday morning (0530 GMT), as reported by Reuters.

The outage has significantly impacted various sectors, including banks, airlines, train companies, telecommunications firms, broadcasters, and supermarkets. Kurtz emphasized that this incident is not a cyberattack but a defect in a content update for Windows hosts. Mac and Linux hosts remain unaffected.

Recovery Efforts and Continuous Updates

“We have isolated the issue and deployed a fix,” Kurtz stated, assuring ongoing updates on CrowdStrike’s website. He directed customers to the support portal for the latest information and expressed deep regret for the inconvenience caused. Speaking to NBC, Kurtz acknowledged that system reboots are in progress and that recovery will be gradual.

The glitch has resulted in massive outages, bringing entire companies offline. Users have reported systems stuck in boot loops or showing the BSOD after installing the update.

Widespread Impact

Reports indicate that emergency services in the U.S. and Canada have been affected. Several 911 agencies in states like New York, Alaska, and Arizona, as well as parts of Canada, experienced disruptions. In Illinois, emergency responders resorted to paper documentation until systems recover. Catalonia’s health hotline is similarly affected, with authorities urging citizens to avoid calling unless in an emergency.

Large organizations worldwide felt the impact before the fix was issued. Airports in cities like Berlin, Barcelona, Brisbane, Edinburgh, Amsterdam, London, and Melbourne reported significant disruptions. Zurich Airport halted departures to the U.S., while other airlines like American Airlines, United, and Delta sought assistance from the Federal Aviation Administration due to IT system issues.

In the UK, NHS England reported disruptions in most GP practices, although 999 services were unaffected. Airlines globally issued handwritten tickets, with Ryanair notably affected at Stansted Airport.

Hospitals in the Netherlands, including Scheper in Emmen and Slingeland Hospital in Achterhoek, experienced disruptions but have started to return to normal operations. Similarly, Terrassa University Hospital and the Catalan Oncology Institute in Barcelona faced issues but are recovering.

Media outlets such as Sky News and ABC reported system crashes. Social media buzzed with users from Malaysia, Australia, New Zealand, the Philippines, and China sharing their frustrations over the widespread outages.

Technical Details and Workaround

CrowdStrike identified a Channel File in the update as the cause. This file can be addressed individually, allowing users to retain the Falcon Sensor update. The following workaround steps have been provided for affected systems:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  3. Locate and delete the file matching “C-00000291*.sys”.
  4. Boot the host normally.

Commitment to Resolution

George Kurtz assured that CrowdStrike is actively working with customers and recommended using official channels for support. A fix has been deployed, and customers are advised to check the support portal for the latest updates.

Founded in 2011, CrowdStrike aims to address sophisticated cyberattacks with advanced endpoint protection and expert intelligence. The company remains committed to resolving the current issue and ensuring full recovery for all affected customers.