The global IT outage triggered by a faulty CrowdStrike software update has created a perfect storm for cybercriminals to exploit. In the wake of this unprecedented disruption affecting Windows computers worldwide, threat actors are now launching phishing campaigns and distributing malware-laden links.
These malicious actors are preying on individuals and organizations desperate for information and solutions, tricking them into clicking on contaminated links under the guise of offering updates or fixes for CrowdStrike-related issues.
Massive outage touches every aspect of life
As airlines, banks, grocery stores, 911 emergency communications, medical centers, and virtually every organization running Windows computers with CrowdStrike Falcon attempt to recover from what could be the most destructive tech tsunami, criminals are being observed attempting to offer fake help with a payload of trouble.
Homeland Security issues alert about threat actors in the wake of CrowdStrike Windows outage
The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, known as CISA, is tracking this online criminal activity, which now poses a secondary threat to Americans. Here is the CISA statement:
CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends that organizations remind their employees to avoid clicking on phishing emails or suspicious links.
The massive outages started at 1:20 AM ET on Friday when CrowdStrike began rolling out a faulty update to its Falcon security product that protects Windows hosts. Screens around the world turned blue, freezing on a crippling message known as the Blue Screen of Death.
How to protect against threat actors pretending to be CrowdStrike or Microsoft
- Avoid clicking links in any text or email related to the CrowdStrike or Windows disruption.
- Be ready to ride out digital storms like this one by getting your own lifejacket in the form of strong anti-virus protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
- Only use official sources for resolving security incidents like this one.
CrowdStrike’s CEO George Kurtz addressed the global glitch it caused, and an updated statement puts it in perspective:
We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.
How to recover from the Blue Screen of Death outage
CrowdStrike is actively working through its official channels to roll out a previous version of its Falcon software, but not before the disruptive damage was done worldwide. If you have a Windows PC or laptop experiencing trouble, there are alternative workarounds to help you fix it. The company offers the following additional steps that can be taken if your Windows computer is still having trouble:
Workaround steps for individual hosts:
- Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
Note: Putting the host on a wired network (as opposed to Wi-Fi) and using Safe Mode with Networking can help remediation.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
- Locate the file matching "C-00000291*.sys" and delete it.
- Boot the host normally.
Note: BitLocker-encrypted hosts may require a recovery key.
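For administrators who would rather not hunt through the driver directory by hand, here is an added PowerShell example (my own, not a CrowdStrike-published script) that carries out the locate-and-delete steps above on a host already booted into Safe Mode, from an elevated prompt. It assumes the default driver path named in the workaround; the log file location under $env:TEMP is my choice.

```powershell
# Added example: automate the manual channel-file workaround on one host.
# Run from an elevated PowerShell prompt in Safe Mode, then reboot normally.
$driverDir = Join-Path $env:WINDIR 'System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'   # file name pattern from CrowdStrike's guidance

if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Warning "Directory not found: $driverDir (Falcon may not be installed on this host)."
    return
}

# Only match regular files, never directories, and stop on access errors.
$channelFiles = Get-ChildItem -Path $driverDir -Filter $pattern -File -ErrorAction Stop
if (-not $channelFiles) {
    Write-Host "No file matching $pattern found in $driverDir; nothing to remove."
    return
}

# Record name, size and timestamp of each file before deleting it so the
# change is auditable after the host is recovered (log path is an assumption).
$logPath = Join-Path $env:TEMP 'crowdstrike-workaround.log'
foreach ($file in $channelFiles) {
    $entry = '{0} removing {1} size={2} mtime={3}' -f (Get-Date -Format o),
             $file.FullName, $file.Length, $file.LastWriteTime.ToString('o')
    Add-Content -Path $logPath -Value $entry
    Remove-Item -LiteralPath $file.FullName -Force
}

Write-Host ("Removed {0} file(s); details logged to {1}. Reboot the host normally." -f
            $channelFiles.Count, $logPath)
```

Because the Windows Recovery Environment ships only a command prompt, this script applies to the Safe Mode path; in WinRE the same two steps are done with `cd` and `del` against the same directory and pattern.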
Kurt’s key takeaways
Cybercriminals are quick to take advantage of tech troubles like this massive Windows disruption caused by CrowdStrike. The lesson is to take privacy and security into your own hands by being as resilient as possible to attacks. I recommend running good antivirus protection on every device in your and your family’s lives. See the 2024 review of the Best AntiVirus Protection here for options.
What measures do you believe governments and tech companies should implement to prevent and mitigate the impact of such large-scale IT disruptions in the future? Let us know in the comments below.