Crowdstrike update causes global outage

Massive IT outage worldwide with airports, businesses, broadcasters, banking and healthcare affected.

Many flights have been grounded, with queues and delays at airports.

Cyber-security firm Crowdstrike has admitted that the problem was caused by an update to its Falcon antivirus software, designed to protect Microsoft Windows devices from malicious attacks.

Microsoft has said it is taking "mitigation action" to deal with "the lingering impact" of the outage.

  • Here is a summary of what else we know so far.

What caused the IT outage?

The boss of global cyber-security firm Crowdstrike, George Kurtz, says the problems were caused by a "defect" in a "content update" for Microsoft Windows devices.

He added: "The issue has been identified, isolated and a fix has been deployed."

Mr Kurtz said the issues did not affect other operating systems, adding: "This is not a security incident or cyber-attack."

His statement followed widespread reports that Crowdstrike, which produces antivirus software, had issued a software update that caused Windows devices to crash.

Crowdstrike shares plunged as much as 21% in early pre-market trade. Microsoft also lost ground, as did travel and leisure stocks, as investors weighed the potential disruption for holidaymakers.

When will it be fixed?

Crowdstrike said it was the firm's "mission" to make sure every one of its customers recovered completely from the outage.

But he added that this would not happen automatically and "it could be some time" before everything was up and running as before.

"We're deeply sorry for the impact that we've caused to customers, to travellers, to anyone affected by this, including our companies," he said.

Crowdstrike has issued its fix. But according to those in the know, it will have to be applied separately to each and every device affected.

Every machine will require a manual reboot in safe mode - causing a massive headache for IT departments everywhere.

What is Crowdstrike?

The US firm, based in Austin, Texas, is a listed company on the US stock exchange, featuring in both the S&P 500 and the high-tech Nasdaq indexes. It was founded a mere 13 years ago, but has grown to employ nearly 8,500 people.

As a provider of cyber-security services, it tends to get called in to deal with the aftermath of cyber attacks.

It has been involved in investigations of several high-profile cyber-attacks, such as when Sony Pictures had its computer system hacked in 2014.

But this time, because of a dodgy update to its software, a firm that is normally part of the solution to IT problems is instead at their origin.

In its last earnings report, Crowdstrike declared a total of nearly 24,000 customers. That's an indication not just of the size of the issue, but also the difficulties that could be involved in fixing it.

Each of those customers is a huge organisation in itself, so the number of individual computers affected is hard to estimate.

Who has been affected?

  • Airports and air travel - Many airlines have grounded their flights around the globe.

  • Cruise ships - Some cruise lines have cancelled or delayed departures.

  • Railways - Reported delays and said they were experiencing "widespread IT issues".

  • Payment systems - Many shops could only take cash. In the UK, supermarkets including Morrisons and Waitrose spent the morning unable to accept card payments.

  • Healthcare - In the UK, some doctors' surgeries in England reported issues with booking appointments.

  • Postal services - Royal Mail has said collection, processing and delivery of items across the UK is taking place as usual, though there may be some impact on services.

As the full extent of the disruption became clear, more firms and institutions started reporting problems.

  • The US state of Alaska warned that its emergency services were affected.

  • Broadcasters were also caught up in the chaos, including Sky News in the UK, which spent several hours off air.

  • The London Stock Exchange said it was working as normal, but there were issues with its news service, used by companies to report market-sensitive information in a timely way.

  • Poland’s largest container terminal, the Baltic Hub in the northern city of Gdansk, said the outage was "hampering terminal operations" and asked companies not to send containers to the port.

CrowdStrike has performed the largest cyber attack in history. Accidentally.

How to fix?

    1. Boot Windows into safe mode
    2. Go to C:\Windows\System32\drivers\CrowdStrike
    3. Delete C-00000291*.sys
    4. Repeat for every host in your enterprise network including remote workers
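
The manual steps above as a PowerShell script, added here as an example (it is not CrowdStrike's or Microsoft's tooling). It records each matching file's hash and timestamp before removal so the clean-up can be tracked per host, and it deletes nothing unless `-Apply` is given; the `-Apply` switch and the log path are assumptions made for this example.

```powershell
# Added example. Run from an elevated prompt after booting into safe mode.
[CmdletBinding()]
param(
    # Directory and pattern are the ones given in the steps above.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys',
    # Hypothetical log location; change it to suit your environment.
    [string]$LogPath   = "$env:SystemDrive\crowdstrike-cleanup.csv",
    # Dry run by default: files are only deleted when -Apply is passed.
    [switch]$Apply
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "$DriverDir not found; nothing to do on this host."
    return
}

# -Filter limits the match to file names inside this one directory.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir."
    return
}

$records = foreach ($file in $targets) {
    # Hash first, so there is a record of exactly what was removed.
    $hash   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $action = 'would-delete'
    if ($Apply) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $action = 'deleted'
        } catch {
            $action = "failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        File         = $file.FullName
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        Bytes        = $file.Length
        SHA256       = $hash
        Action       = $action
    }
}

# Append to the log so repeated runs on one host keep their history.
$records | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Append
$records | Format-Table Computer, File, LastWriteUtc, Action -AutoSize
```

Run it once without `-Apply` to review what would be removed, then again with `-Apply`; collecting the CSV from each machine gives a list of hosts that have been cleaned.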

Bitlocker fix
