AUSTIN (AP) — A significant number of the millions of computers that crashed Friday, causing disruptions around the world, are back up and running, cybersecurity firm CrowdStrike said Monday, as its customers and regulators await a more detailed explanation of what went wrong.
A flawed software update sent by CrowdStrike to its customers on Friday disrupted the operations of airlines, banks, hospitals and other crucial services, affecting about 8.5 million machines running Microsoft’s Windows operating system. The painstaking work of fixing it has typically required a company’s technology team to manually delete files from affected machines.
CrowdStrike said in a blog post Sunday night that it was beginning to implement a new technique to speed up the fix for the problem.
Shares of the Texas-based cybersecurity firm have fallen nearly 30% since the crisis, wiping out billions of dollars in market value.
The scope of the damage has also caught the attention of government regulators, including antitrust authorities, although it remains to be seen whether they will take action against the company.
“Too often today, a single failure results in a system-wide disruption, affecting industries from health care and airlines to banks and auto dealerships,” Lina Khan, chair of the U.S. Federal Trade Commission, said on social media site X on Sunday. “Millions of people and businesses pay the price. These incidents reveal how concentration can create fragile systems.”
The Microsoft bug caused problems with passenger check-in, network connection errors and information systems problems for airlines around the world.
Scammers take advantage of the blackout
George Kurtz, CEO of CrowdStrike, warned businesses and individuals about potential scams following the breach that occurred last Friday.
According to the company’s representative, hackers have been posing as CrowdStrike employees or other specialists to gain access to users’ computers. The cybercriminals offer assistance in recovering affected computers.
According to CrowdStrike Intelligence, phishing emails have been identified offering scripting solutions that claim to automate recovery from the content update issue.
Infosecurity Magazine reported that a malicious ZIP file called crowdstrike-hotfix.zip has been distributed, purporting to automate computer recovery. However, the file contains a loader called HijackLoader, which loads malware called Remcos when executed.
Cybersecurity firm KnowBe4 also noted that there are several new domains linked to CrowdStrike that could also infect computers.
“We know that adversaries and other malicious users will try to exploit events like this,” Kurtz said, urging all affected users to “stay vigilant and ensure they are engaging with official CrowdStrike representatives.”
Microsoft Releases Recovery Tool
To prevent the scams that have been created by the CrowdStrike havoc, Microsoft has released a recovery tool for Windows customers that automates many of the steps required to repair affected systems. Users who wish to access it will need to follow these steps:
1. Download the recovery tool from the Microsoft Download Center.
2. Extract the PowerShell script from the downloaded solution.
3. Extract MsftRecoveryToolForCSv2.ps1 from the PowerShell prompt. The ADK will automatically download and media creation will begin.
4. Choose one of the two options listed to recover affected devices.
5. Optionally, select a directory containing driver files to import into the recovery image. Keyboard and mass storage drivers may be required. Network or other drivers are not required. It is recommended to select “N” to skip this step. The tool will import any SYS and INI files recursively into the specified directory.
6. Select the option to generate an ISO or USB drive and specify the drive letter.
2024-08-06 21:12:56