Did CrowdStrike Just Break the Internet?
Alright, let me tell you this. Recently, the internet broke a little thanks to CrowdStrike, a cybersecurity firm that stumbled.
Flights were delayed, companies shut down, and everyone was just looking at the black screen, not really black but the most famous BSOD which is the "blue screen of death" in full form.
Thus, was it a grand PR campaign, or a menacing reminder that the internet is just one misstep from shutting down?
To start with, the first-ever theory that is normally given is the publicity stunt theory. The idea that a company would go to such an extent for attention is just unthinkable and quite simply does not make sense.
Cybersecurity firms, particularly those as large as CrowdStrike, have nothing to gain from a large-scale outage. Reputation is core to them, the very thing that puts food on their table.
So, no, this was not a bid for fame.
Now, the doomsday scenario. This one is somewhat more complicated. It is scary that something as simple as a software update could paralyze so much of the world. It raised the bar of awareness of just how interdependent and vulnerable our wired world is as CNBC termed it the "largest IT outage in history".
Just a little mistake and the whole thing goes up in smoke.
This is not to imply that the internet is set to explode or break down but it is a wake-up call to the fact that human beings are over depending on what they do not comprehend fully.
But, let's be realistic. Outages happen. Software glitches occur. This is always expected when you are working with technology of such proportions.
Wait, is there a fix for this?
Yes, and here it is:
Fixing Your System After the CrowdStrike Outage (For Tech-Savvy Users)
Attention: This guide is intended for users comfortable with advanced troubleshooting steps. It requires physical access to the affected system. If you're unsure, consult your IT department or a tech professional.
Here's how to potentially fix your system after the CrowdStrike outage:
1. Boot into Safe Mode or Windows Recovery Environment (WinRE):
- This allows you to access the operating system with limited functionality, hopefully bypassing the faulty CrowdStrike file.
- Search online for specific instructions on how to boot into Safe Mode or WinRE depending on your Windows version.
2. Locate the Faulty File:
- Once in Safe Mode or WinRE, you'll need to navigate to the CrowdStrike directory.
- Open File Explorer (or equivalent) and navigate to the following location:C:\Windows\System32\drivers\CrowdStrike
3. Delete the Faulty File:
- Look for a file named "C-00000291*.sys". The asterisk (*) indicates there might be multiple versions.
- Important: DO NOT delete any other files in this directory!
- Right-click on the "C-00000291*.sys" file and choose "Delete".
4. Restart Your Computer:
- After deleting the file, completely restart your computer normally.
5. Verify Fix:
- Once your computer restarts, check if the issue is resolved. You should no longer experience crashes or errors related to CrowdStrike.
Important Note:
- This is a temporary fix until CrowdStrike releases a permanent solution. Monitor their website for updates (seems like they already have released one).
- If you're uncomfortable performing these steps, or if the issue persists, seek assistance from your IT department or a tech professional.
However, what this event has clearly shown is that there is a need to have more backup options, stronger structures, and better disaster management strategies.
Wait, let's first break it down and learn what happened:
What led to the CrowdStrike outage?
The outage occurred because CrowdStrike released an incorrect update to the Falcon Sensor service of Windows systems. This update alone crashed 8.5 Million Microsoft Windows-powered devices across the globe causing millions of users and thousands of companies to suffer.
Was this a cyberattack?
No, there is no information that it was a cyberattack. It seems to be a technical problem that might be precipitated by a software update and it was released by CrowdStrike later.
The outage affected several people including the cashier, the customers in line, the store manager, and even the airlines.
The organizations that implemented CrowdStrike Falcon Sensor to the Windows machines were largely affected by this tiny update. These include many big firms, organizations of the government, and producers of essential facilities.
What happened as a result of the outage?
The outage caused widespread disruption, including:
- Crashing and blue screens of death on the devices that are infected by the ransomware.
- Flight disruptions through the grounding of airplanes.
- Losses and interruptions of business activities for most firms.
What actions has CrowdStrike taken to address the identified issue?
CrowdStrike has been able to recognize the bad update and has ceased issuing the update to its users. They are attending to the matter of bringing back functionality to impacted systems.
What can I do to know if my organization was affected?
Your IT department should be in a position to ensure whether your organization employs CrowdStrike Falcon Sensor and whether it was affected by the stoppage.
What should I do if my organization is impacted?
CrowdStrike has advised the users affected to follow their remedial measures as provided by the company. These instructions are most probably accessible through the CrowdStrike Support Portal or by reaching out to your CrowdStrike contact.
What needs to be understood about cybersecurity from this outage?
The CrowdStrike outage case shows that the problem can occur when one software update leads to a massive failure. It underlines the significance of proper test mechanisms and the fact that organizations have to prepare for mishaps.
Thus, although the CrowdStrike outage was certainly disruptive, it is better characterized as a warning than as a prognosis.
It’s an opportunity for us to reflect on our social media readiness and check if we are ready for the next unforeseen disaster.
What do you think? Where am I mistaken here?
Is there more evidence that can be given to either of the theories?