
Massive Microsoft outage linked to CrowdStrike causes global computer downtime

    The outage could result in “millions” in losses for affected organizations that have had to stop operations or business, said Lukasz Olejnik, an independent cybersecurity consultant, who said the CrowdStrike update appears to be linked to its Falcon Sensor product. The Falcon system is part of CrowdStrike's security tools and can block attacks on systems, the company said.

    “It reminds us of our dependency on IT and software,” says Olejnik. “When a system has multiple software systems maintained by different vendors, it’s like putting your trust in them. They can be a single point of failure, like here, when multiple companies feel the impact.”

    The outage resulting from the CrowdStrike update has had a huge ripple effect on public services and businesses around the world. Dozens of airports are experiencing delays and long lines, with one passenger in India sharing a handwritten boarding pass that had been issued to them. In the hours since the outages were first reported, more than 4,000 flights have been cancelled worldwide, although not all cancellations are directly related to the outage.

    Within the healthcare and emergency services community, several medical providers around the world have reported issues with their Windows-based systems, sharing the news on social media or their own websites. The U.S. Emergency Alert System, which issues hurricane warnings, reported that there were several 911 outages in a number of states. In Portland, Mayor Ted Wheeler declared a state of emergency as a result of some of the outages, though he also said that many systems were being restored. White House officials say that President Joe Biden has been “briefed” on the CrowdStrike outages and that his team is monitoring the situation.

    The University Hospital of Schleswig-Holstein in Germany said it was canceling some non-urgent surgeries at two locations. In Israel, more than a dozen hospitals have been hit, as well as pharmacies, with reports saying ambulances have been diverted to unaffected medical organizations.

    In the UK, NHS England has confirmed that GP appointments and patient record systems have been affected by the outages. One hospital has reported a “critical” incident after a third-party IT system it uses was affected. Train companies in the country have also said there are delays across the network, with multiple companies affected.

    Organisers of the Paris Olympics, which kick off next week, said their systems were affected in a “limited way”, indicating the far-reaching nature of the disruption. A statement from organisers said the affected systems were linked to uniform delivery and the ticketing system was not affected.

    CrowdStrike provides endpoint detection and response (EDR) to businesses around the world. This EDR technology runs on thousands of “endpoints” – such as computers, ATMs and internet-of-things devices – and scans them to identify threats in real time, such as malicious activity from cybercriminals. The company has more than 24,000 customers worldwide.

    Cybersecurity researcher Kevin Beaumont posted on X that he has seen a copy of the CrowdStrike update that was released and says that the file is not formatted properly and “causes Windows to crash every time.” Beaumont says in further posts that it appears there is no automated way to fix the issues, at least at this time. This could mean that affected machines will have to be manually rebooted before they can come back online, a process that could take hours or days depending on the affected entity.

    Brody Nisbet, CrowdStrike’s director of overwatch, also posted on X that the workaround the company issued involves booting Windows machines into safe mode, finding a file named “C-00000291*.sys,” deleting it, and then rebooting the machine normally. “There is some sort of workaround so that in between BSODs some devices should pick up the new channel file and remain stable,” Nisbet posted.

    Update 7/19/24 1:35 p.m. ET: This story has been updated with further comment from Microsoft and additional details about the impact of the outage.