Computer systems and servers across the globe that use CrowdStrike software are unable to boot into Windows after the Austin, TX based company pushed out an update to it’s customers earlier this morning.
CrowdStrike is an American cybersecurity technology company that provides cloud workload protection and endpoint security, threat intelligence, and cyberattack response services; in laymen terms, they provide Antivirus for many large banks, airlines, television networks, hospitals, and first responders. Connecticut State Police asked Troopers to bring in notepads on Friday morning as the agency dealt with partial outages throughout the state.
Among the prominent investors in the Austin-based company Crowdstrike are Blackrock Inc, Vanguard Group, and Morgan Stanley. According to GovTribe, a federal market intelligence platform owned by GovExec, CrowdStrike holds notable contracts with the Justice Department, State Department, and Department of Homeland Security. Currently, the number of endpoints affected within those government bodies remains unclear.
Before todays mishap, CrowdStrike was primarily recognized by some for its investigation into Russia’s breach of the Democratic National Committee before the 2016 election. In 2019, former President Donald Trump raised doubts about CrowdStrike during a conversation with Ukrainian President Volodymyr Zelenskyy.
System administrators are indicating that the only fix available at this time is to manually walk over to each computer physically, and boot into “Safe Mode’ — deleting a file under the System32\Drivers\CrowdStrike directory seems to allow Windows to boot from there. For organizations that maintain hundreds or thousands of computers, the task is enormous.
Mac and Linux machines are not affected, and there is no known fix at this time if the computer’s drive is encrypted.
It’s important to note that even if your IT systems are working, connecting to SaaS or cloud solutions are problematic, including Microsoft 365 services and applications like email, teams, and SharePoint.
As of Friday morning, FlightAware reported over 1,000 flights cancelled within, into, or out of the U.S., with more than 2,000 others delayed. Globally, early Friday saw over 21,000 flights delayed, a number anticipated to increase. Later Friday morning, American Airlines, Delta Air Lines, and United Airlines resumed some flight departures after temporarily halting operations earlier due to the outages.