Unpacking the CrowdStrike Outage: Causes, Impacts, and Protecting Your Business From Disaster.

A major global IT outage occurred on Friday, July 19, 2024, causing widespread disruptions across various industries and services worldwide. Although recovery is still ongoing, the root cause of this massive disruption was traced back to a defective software update issued by cybersecurity company CrowdStrike for all Microsoft Windows operating systems.

CrowdStrike, a prominent cybersecurity firm founded in 2012, provides security software to numerous enterprise customers, including major cloud platforms like Microsoft Azure, commonly used by countless organizations for their daily software operations. 

What Caused The Global Outage?

The company’s CEO, George Kurtz, acknowledged that a “defect” in a “content update” for Windows devices led to the cascading effect that impacted systems globally. While Kurtz emphasized that this was not a security incident or cyberattack and that the issue had been identified, isolated, and a fix deployed, it highlights a broader need for disaster recovery plans when major companies face network outages, as well as the general risks assumed with the interconnectedness of modern IT infrastructure.

Who Was Affected?

The impact of this outage has been far-reaching and severe, lasting for several hours. During that time, clients could not access critical cybersecurity services, leaving their systems potentially vulnerable to cyber threats, affecting major industries and services globally, including:

1. Aviation: Airlines such as Delta, United, and American Airlines experienced grounded flights and significant delays. Airports worldwide, including those in New York, Tokyo, Delhi, London, and Amsterdam, reported long queues and disruptions.

2. Banking and Finance: Banks in Australia, New Zealand, South Africa, and Britain faced operational challenges. The London Stock Exchange was also impacted.

3. Healthcare: Hospitals in Israel and Germany reported disruptions, with some resorting to manual processes.

4. Retail: Payment systems have been impacted globally, with reports from retail stores, grocers, and airlines unable to process credit cards.

5. Transportation: Railway companies in the UK and across the globe faced delays due to IT issues.

6. Media: Broadcasters like Sky News in the UK experienced service disruptions.

7. Government Services: Emergency services, including 911 systems in multiple U.S. states, were temporarily down.

8. Technology: Microsoft services such as Xbox Live, Microsoft 365, and Teams faced outages.

The scale of the disruption has also led to significant financial implications. CrowdStrike’s stock value has plummeted following the incident, with Microsoft and travel-related stocks also experiencing significant declines.

In response to the crisis, companies and organizations took a variety of actions to attempt to mitigate company damage:

1. CrowdStrike: The company quickly identified the issue, isolated it, and deployed a fix. They advised customers to communicate through official channels and referred them to their support portal for updates.

2. Microsoft: The tech giant initiated “mitigation action” to address the lasting repercussions of the disruption.

3. Government Agencies: The U.S. Department of Homeland Security stated it was working with CrowdStrike, Microsoft, and other partners to assess and address the outages.

Many other organizations, such as ConnectWise, proceeded with their disaster recovery plans, augmenting their staff, rebooting systems, and searching for alternative communication methods (some even resorting to manual workarounds).

As of the latest reports, while a fix has been deployed, some businesses were still grappling with the effects of the outage. The incident highlights the interconnected nature of modern IT systems and the potential for widespread disruption from a single point of failure. It also underscores the critical importance of robust testing and failsafe mechanisms in software updates, especially for companies providing services to a vast network of enterprise customers.

As of now, the official workaround provided by Crowdstrike is to reboot Windows in safe mode, and delete a specific system file:

1. Reboot your Windows environment in safe mode or the Windows Recovery Environment
2. Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
3. Locate the “C-00000291*.sys file and delete it
4. Reboot the host normally

Or you can try rebooting your computer 15 times, says Microsoft.

Protecting your company from disasters and outages

This extreme example is a cautionary tale about how disaster can strike your digital network at any moment and highlights the need for well-maintained disaster recovery plans and backups in order to quickly get your business up and running in case a crisis strikes.

Educate your employees on the steps required of them if the unexpected happens, and keep a regular backup of your data to prevent critical data loss.

Keeping manual backups is an option, but partnering with an automated disaster recovery partner is your best bet to avoid human error and maintain up-to-date, regular, and reliable backup systems for your organization.

Additionally, conducting regular drills and simulations can ensure that your team is prepared to respond swiftly and effectively during a crisis. 

By investing in robust cybersecurity measures and continuously monitoring your systems for vulnerabilities, you can mitigate the risks associated with unforeseen disruptions. Ultimately, the key to safeguarding your company lies in a proactive and comprehensive approach to disaster recovery, ensuring that your business can continue to operate smoothly even in the face of adversity.

If you are looking for an all-in-one disaster recovery and backup for your Microsoft data, SpinOne offers the fastest and most reliable solution on the market. Get in touch with our sales team here for a free demo, and set yourself at ease knowing your business’s data is protected from critical data loss when the next disaster strikes.