Cybercriminals taking advantage of CrowdStrike-linked global computer outage

The global IT outage triggered by a faulty CrowdStrike software update has created a perfect storm for cybercriminals to exploit. In the wake of this unprecedented disruption affecting Windows computers worldwide, threat actors are now launching phishing campaigns and distributing malware-laden links.

These malicious actors are preying on individuals and organizations desperate for information and solutions, tricking them into clicking on contaminated links under the guise of offering updates or fixes for CrowdStrike-related issues.


Massive outage touches every aspect of life

As airlines, banks, grocery stores, 911 emergency communications, medical centers, and virtually every organization running Windows computers with CrowdStrike Falcon attempt to recover from what could be the most destructive tech tsunami, criminals are being observed attempting to offer fake help with a payload of trouble.


Homeland Security issues alert about threat actors in the wake of CrowdStrike Windows outage

The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, known as CISA, is tracking this online criminal activity, which now poses a secondary threat to Americans. Here is the CISA statement:

CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends that organizations remind their employees to avoid clicking on phishing emails or suspicious links.

The massive outages started at 1:20 AM ET on Friday when CrowdStrike began rolling out a faulty update to its Falcon security product that protects Windows hosts. Screens around the world turned blue, freezing on a crippling message known as the Blue Screen of Death.


How to protect against threat actors pretending to be CrowdStrike or Microsoft

CrowdStrike’s CEO George Kurtz addressed the global glitch the company caused, and an updated statement puts it in perspective:

We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.


How to recover from the Blue Screen of Death outage

CrowdStrike is actively working through its official channels to roll out a previous version of its Falcon software, but not before the disruptive damage was done worldwide. If you have a Windows PC or laptop experiencing trouble, there are alternative workarounds to help you fix it. The company offers the following additional steps that can be taken if your Windows computer is still having trouble:

Workaround steps for individual hosts:

  • Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
  • Boot Windows into Safe Mode or the Windows Recovery Environment.
    Note: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
  • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
  • Locate the file matching “C-00000291*.sys”, and delete it.
  • Boot the host normally.

Note: Bitlocker-encrypted hosts may require a recovery key.
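The steps above can be scripted so that a technician working through many hosts applies exactly the same deletion each time and can preview it first. The script below is an added example written for this article, not CrowdStrike’s own tooling. It assumes you have already booted into Safe Mode (or the Recovery Environment with PowerShell available), are running from an elevated prompt, and that the sensor lives under the standard %WINDIR%\System32\drivers\CrowdStrike path named in the steps; the channel-file pattern is the one quoted above.

```powershell
# Added example: automates the manual workaround from the article.
# Run from an elevated PowerShell prompt after booting into Safe Mode.
# Assumptions: default Falcon driver path under %WINDIR%; the only file to
# remove is the one matching the pattern the vendor named (C-00000291*.sys).
param(
    [switch]$WhatIf   # preview the matching file(s) without deleting anything
)

$DriverDir = Join-Path $env:WINDIR 'System32\drivers\CrowdStrike'
$Pattern   = 'C-00000291*.sys'

if (-not (Test-Path -LiteralPath $DriverDir)) {
    Write-Error "Directory not found: $DriverDir (is the Falcon sensor installed on this host?)"
    exit 1
}

# BitLocker check: a locked OS volume blocks this step until it is unlocked
# with the recovery key, which is the caveat noted above.
$osDrive = $env:SystemDrive
try {
    $bl = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction Stop
    if ($bl.LockStatus -eq 'Locked') {
        Write-Error "$osDrive is BitLocker-locked; unlock it with the recovery key first."
        exit 1
    }
} catch {
    Write-Verbose "BitLocker cmdlets unavailable in this environment; skipping the lock check."
}

# Only files directly in the CrowdStrike directory that match the named pattern.
$hits = Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -ErrorAction SilentlyContinue
if (-not $hits) {
    Write-Host "No file matching $Pattern in $DriverDir; nothing to do."
    exit 0
}

foreach ($f in $hits) {
    # Record what is being removed so the action can be audited later.
    Write-Host ("{0}  {1} bytes  modified {2}" -f $f.FullName, $f.Length, $f.LastWriteTime)
    if ($WhatIf) {
        Write-Host "  (preview only; not deleted)"
    } else {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "  deleted"
    }
}

if (-not $WhatIf) {
    Write-Host "Done. Reboot the host normally and confirm it stays up."
}
```

Run it once with `-WhatIf` to confirm exactly one channel file is matched before running it for real; the script deliberately filters on the single pattern from the vendor steps rather than clearing the directory, so the rest of the sensor stays intact and can pick up the reverted channel file on the next boot.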


Kurt’s key takeaways

Cybercriminals are quick to take advantage of tech troubles like this massive Windows disruption caused by CrowdStrike. The lesson is to take privacy and security into your own hands by being as resilient as possible to attacks. I recommend running good antivirus protection on every device in your and your family’s lives. See the 2024 review of the Best AntiVirus Protection here for options.

What measures do you believe governments and tech companies should implement to prevent and mitigate the impact of such large-scale IT disruptions in the future? Let us know in the comments below.
