Understanding the July 2024 Global CrowdStrike Outage
If you were trying to fly during the weekend of July 19th to 21st, you may have learned a new word: CrowdStrike. Most people weren’t aware of this company before its powerful security software caused over 8 million devices to fail, but now the name has become commonplace.
This article will look at what exactly happened with the CrowdStrike outage, examine who was impacted most, and discuss the importance of finding a managed IT service provider that offers local support.
What is CrowdStrike?
CrowdStrike is a company that provides cybersecurity services to protect computers and networks from hackers, viruses, and other online threats. The recent global outage came from a buggy update released for their Falcon sensor software; for brevity, we will refer to the problematic update simply as “CrowdStrike” from here on.
What makes CrowdStrike particularly powerful is that its software runs at a privileged level on your computer systems. This means it has deep access to monitor and manage almost all aspects of your system’s operations. Because it operates at such a high level of access, it can effectively detect and prevent threats in real-time, providing comprehensive protection for sensitive information and critical operations.
However, this also means that if something goes wrong with CrowdStrike’s software, it can cause significant problems. Since it has such extensive control over the systems it protects, an outage can lead to widespread disruptions which may prove quite difficult to fix.
What caused the CrowdStrike outage?
On Friday, July 19th a routine update was sent out to CrowdStrike users. However, this update contained some faulty code which managed to get past the company’s vetting process. This code, either in the configuration or signature files, caused roughly 8.5 million Windows devices to crash, leaving users stuck on the infamous Blue Screen of Death.
Who was affected by the CrowdStrike outage?
Businesses around the world were immediately crippled by the CrowdStrike outage. Most notable were the massive shutdowns experienced across the airline industry. Without access to the digital tools necessary for operations, airlines were forced to cancel thousands of flights and delay tens of thousands more.
Airlines weren’t the only industry impacted by the outage, with hospitals, government agencies, and businesses of all sizes suffering. Even small businesses found themselves on the receiving end of the outage, with restaurants, psychiatrists, and locksmiths alike watching their daily operations grind to a halt.
While the outages for the airline industry may end up costing hundreds of millions or even billions of dollars, the outages for small businesses often pose a greater existential risk. It is common for small businesses to not have an in-house IT team and thus outages like this take far longer to resolve. Even a few days of lost revenue can seriously impact a business’s long-term growth, and longer outages are devastating.
How do you fix a blue screen of death (BSOD) caused by the CrowdStrike update?
Ok, let’s preface this section with a quick warning! This article’s intention is to speak about the impact of the CrowdStrike outage and address broader concerns related to managed IT solutions.
Accordingly, we urge anyone impacted by the outage to refer to CrowdStrike’s Remediation and Guidance Hub for the most up to date information about how to fix their systems after the failed update.
One crucial thing to understand about the update is how difficult it is to fix fully remotely. While more and more businesses are switching to fully remote IT departments, failures like the CrowdStrike outage illustrate the importance of having access to local technicians. Users will need to bypass the Blue Screen of Death, access safe mode, and then locate and delete the correct files. This process, which is not guaranteed to work, is time-consuming and will require some technical know-how.
No Long Distance Fixes
Fixing the CrowdStrike update on laptops requires rebooting into safe mode and then deleting the impacted files. This process can be quite time consuming with some users reporting that they needed to reboot systems upwards of 15 times before their system would allow them to access safe mode.
During this process, users with encrypted drives may find themselves prompted for their BitLocker security keys. This 48 character, alpha-numeric password will need to be entered successfully in order for the repair to continue. CrowdStrike’s recovery tutorial video apologetically remarks “you may need to enter [it] multiple times. Unfortunately, this may take some time.”
With a bit of patience and luck, you may be able to reboot into safe mode, and at this point it’s just a matter of locating the faulty file, deleting it, and rebooting.
Be Prepared to Keep Troubleshooting
While CrowdStrike’s guide will fix most of the issues, there have been cases where their instructions prove inadequate. To help with this, Microsoft has released its own recovery tool, which requires users to boot directly from a USB drive to resolve the issue.
It is beyond the scope of this article to explore the details of this solution – but be advised that it may prove overly technical for many users.
Recovering from the CrowdStrike outage requires users to physically take steps that may prove daunting for casual users who are used to simply logging into their computers and getting to work. Without an IT support team that is able to offer local support, your team members will have to carry this load themselves!
Beware: Scammers and hackers are taking advantage of the CrowdStrike outage
While the CrowdStrike outage was bad enough, malicious actors are rushing to take advantage of the confusion. Numerous websites have been set up which include downloadable ‘fixes’ or even paid ‘solutions’ which in fact contain malware.
In some cases users are getting emails or even phone calls from people claiming to be representatives of CrowdStrike. These phishing attempts either result in the victim accidentally divulging sensitive information, downloading fraudulent update packages, or both!
It is incredibly important to remain on guard and to not rush your system restoration process. Double check URLs where you are downloading updates, and only trust reputable sources like Microsoft or CrowdStrike.
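As an added illustration of the URL check described above (not code from CrowdStrike, Microsoft, or this article's author), the Python example below tests whether a download link really points at a trusted vendor domain. The trusted-domain list and the function name are assumptions, and every sample URL is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the vendors' primary domains; extend to match your own policy.
TRUSTED_DOMAINS = ("crowdstrike.com", "microsoft.com")


def check_download_url(url):
    """Return (trusted, reason) for a link that claims to offer a fix."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no hostname"
    # "https://vendor.com@other.example/" really goes to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host"
    host = host.rstrip(".").lower()
    # Internationalized names can render like a vendor name; reject them
    # outright so the reason is explicit (conservative choice).
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized hostname (possible look-alike)"
    for domain in TRUSTED_DOMAINS:
        # Match the whole domain or a true subdomain, never a substring:
        # "crowdstrike.com.fix.example" must not pass.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is outside the trusted domains"


if __name__ == "__main__":
    # Constructed sample links; the .example hosts are placeholders.
    samples = [
        "https://www.crowdstrike.com/constructed/path",
        "https://crowdstrike.com.fix-download.example/tool.zip",
        "https://www.microsoft.com@fix-download.example/tool.zip",
        "https://crowdstrike-hotfix.example/",
        "http://www.microsoft.com/tool",
    ]
    for link in samples:
        trusted, reason = check_download_url(link)
        print("TRUSTED  " if trusted else "UNTRUSTED", link, "-", reason)
```

A passing result only confirms where the link points; the download itself should still come from the vendor's own guidance page.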
What the CrowdStrike outage means for small businesses
The CrowdStrike outage underscores the importance of having access to a local IT support team. While fully remote IT support may be adequate much of the time, there are serious limitations that need to be considered.
The CrowdStrike outage also illustrates the importance of having business continuity plans in place – as hundreds or thousands of businesses realized this weekend that their operations could come grinding to a halt through no fault of their own!
If your small or medium sized business in the South Carolina Midlands is looking for a managed IT service provider (MSP) that offers local, hands-on support, Bristeeri Technology is here to help.