CrowdStrike Outage – What Happened and is it now Fixed?

July 23, 2024


Across the world on Friday, 19th July 2024, many workplaces and businesses were faced with an alarming IT outage that disrupted and halted operations for a significant amount of time. The CrowdStrike Outage was caused by a corrupted software update, affecting Windows-based computers, and essentially bringing the globe to a standstill.

Banks, supermarkets, hospitals, airlines and media outlets all faced the impacts of the CrowdStrike outage, with an American cyber expert claiming that compensation claims could surpass $1.5 Billion (AUD).

Business NSW alone have claimed that a $200 million (AUD) damages bill could be faced. With an estimated 8.5 million Windows-based computers and laptops across the world facing the dreaded “blue screen of death”, there were fears of a huge, world-scale cyberattack.

However, these claims were quickly shut down. Further questions have since been asked. What caused the CrowdStrike outage? Is the outage now fixed? Are the affected computers and laptops safe to use? What are the next steps?

This blog will take a look into how the CrowdStrike outage occurred, the impacts, and what businesses can do next following the devastating IT incident.

Who is CrowdStrike?

CrowdStrike is an American cybersecurity technology company, based in Austin, Texas. They provide cloud workload protection, endpoint security, threat intelligence, and cyberattack response services. CrowdStrike focuses on protecting their customers from cyberattacks, data breaches, and operational disruption.

It is sadly not the first time that CrowdStrike has been in the news for all the wrong reasons. In a now discredited conspiracy theory, Donald Trump essentially accused the cybersecurity company of assisting the Russian group who played a role in the 2016 hacking of the Democratic National Committee.

Among their vast list of clients, global investment banks, universities, and even the Australian betting agency TAB Corp are connected to CrowdStrike. With recent large scale cyberattacks such as the ones seen with Ticketmaster, Medibank and Optus, cybersecurity has become even more crucial in recent years.

CrowdStrike have been a leading business in the cybersecurity world, with many MSPs incorporating their services into their own cybersecurity practices. However, there is now a large cloud of doubt hanging over them.

What Caused the CrowdStrike Outage?


If you’re an avid Windows computer user, you will know of the dreaded “blue screen of death” that can sometimes occur. Whilst it alone is concerning, just imagine your entire business and its systems facing that exact issue all at once, with no resolution known.

This was the case for many businesses all around the world, with cybersecurity experts describing the outage as “unprecedented” in its overall reach, with many of the biggest companies in the world affected. This was emphasised with Troy Hunt tweeting out “I don’t think it’s too early to call it: this will be the largest IT outage in history”.

The cause of the CrowdStrike outage was confirmed by George Kurtz, their chief executive, who stated that the issue was caused by a “defect in a single content update for Windows hosts”, which, in summary, was a flaw in the “Falcon sensor” used by CrowdStrike.

Whilst it is a positive sign that the outage was not a result of a successful cyberattack, it is still incredibly concerning that not only was such a simple error allowed to cause such a high degree of damage, but also the fact that there were minimal response plans in place for such an event.

Who was Impacted by CrowdStrike Outage?


When talking about who was impacted by the CrowdStrike outage, there has been no shortage in answers, with many businesses, varying in both size and industry, affected by the IT failure.

As mentioned previously, an estimated 8.5 million Windows-based computers and laptops were impacted by the outage. Whilst Microsoft have stated that this is actually less than 1% of all Windows machines worldwide, the impact seen was still incredibly severe.

As the dust begins to settle on the events of the outage itself, it is now much more clear just who was impacted. Here is a list of just a few major services around the world that were impacted by the CrowdStrike outage:

  • Banks
  • Airports
  • Pharmacies
  • Broadcasters
  • Health Clinics
  • Grocery Shops
  • Online Gaming
  • Financial Markets
  • Event Management
  • Public Transportation
  • Government Services
  • Hospitality (Hotels, Motels, etc.)
  • Emergency Services (in some areas)

How to Fix Computers Affected by the CrowdStrike Outage

Whilst there are predictions that, in many cases, it could still take many weeks to fully recover from the CrowdStrike outage, there are in fact ways that users can manually resolve the issue themselves.

Microsoft released a USB tool on their Download Centre that can assist IT administrators with the repair process. The tool requires you to have administrative privileges and a BitLocker recovery key for each Windows PC affected. Microsoft also posted recovery steps to fix PCs stuck in a restarting cycle due to the faulty CrowdStrike update.

There are also reports that, due to efforts from CrowdStrike in their backend, restarting your Windows computer can implement the fix required. It has been noted, however, that as many as 15 reboots are required for this to work as intended.

If, however, after all these steps you are still having complications with your Windows device, the CrowdStrike website also has the following details for a manual fix:

  1. Boot your Windows computer into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
  3. Locate the file matching “C-00000291*.sys” and delete it.
  4. Boot the host normally.

Note: BitLocker-encrypted hosts may require a recovery key.
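
Steps 2 and 3 above can be scripted so that the match is reviewed before anything is deleted. The following is an added example, not code from CrowdStrike or Microsoft; it assumes an elevated PowerShell prompt in Safe Mode, and the function name, parameter name and the D:\Windows path are illustrative.

```powershell
# Added example: steps 2 and 3 of the manual fix. Names are illustrative.
function Remove-FaultyContentFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Root of the Windows installation to repair. Defaults to the running
        # OS; pass another path (e.g. D:\Windows) if the volume is mounted offline.
        [string]$WindowsRoot = $env:WINDIR
    )

    $dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir (sensor not installed, or wrong volume?)"
        return
    }

    # Match only the pattern named in the published steps; every other file
    # in the directory is left alone.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($targets.Count -eq 0) {
        Write-Output "No files matching C-00000291*.sys in $dir; nothing to delete."
        return
    }

    foreach ($file in $targets) {
        # Record what is about to be removed before touching it.
        Write-Output ("Found {0} ({1} bytes, modified {2:u})" -f `
            $file.FullName, $file.Length, $file.LastWriteTimeUtc)
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }
}

# Dry run first: lists the matches without deleting anything.
Remove-FaultyContentFile -WhatIf
```

Once the dry run shows only the expected file, run `Remove-FaultyContentFile` without `-WhatIf`, confirm the prompt, and then boot the host normally as in step 4.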

Next Steps Following CrowdStrike Outage

Whilst the team here at Adept IT Solutions have been closely monitoring the ongoing developments of the CrowdStrike outage, it is pleasing to note that our clients remained operational, and continued to experience the robust cybersecurity standards we continue to provide our valued customers.

For many other users, it has been indicated that a full return to service could be many weeks away, and they may face further disruptions as updates continue to roll out. Whilst the steps previously mentioned are in place and it is possible for a resolution to come from manual intervention, why not place your faith in a trusted managed service provider (MSP) like Adept IT Solutions?

Adept IT Solutions provides high quality, professional IT services for small, medium and large businesses across all industries. With a focus on ensuring your business’ IT systems continue to operate as required, whilst safeguarding your IT infrastructure with robust cybersecurity standards, the experienced team at Adept IT Solutions lets you worry about growing your business, whilst we keep you online.

Interested in chatting further about our extensive list of IT services? Want to know a little more about just how important professional IT support is for your business? Feel free to contact us today at 1300 423 378 (ADEPT) or email us at info@adept-it.com.au.
