
Insights into the Global Crowdstrike Outage

Happy Friday


The world is in chaos this morning, not because of cybercriminals (this time) but a faulty software update from Crowdstrike.


What is Crowdstrike? It's considered a best-in-class endpoint detection and response (EDR) software, aka a fancy antivirus program. The faulty update has taken down banks, airports, hospitals - pretty much every infrastructure computer system whose owners invested in the software to protect their devices.


Just to be clear, we don't have Crowdstrike deployed on any of the systems we protect, so if you are a Cypac customer, you are unaffected.


The Takeaway


If you're running Crowdstrike in your IT environment and were greeted this morning by a blue screen of death, the official guidance from Crowdstrike is:


  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching "C-00000291*.sys", and delete it.
  4. Boot the host normally.


Unfortunately, many won't get past step 1, since it requires a local admin account, and those are usually disabled because they're a security risk. Plan B may be a complete system wipe. For now though, this is the only guidance published by Crowdstrike.
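For those who do get an elevated PowerShell prompt in Safe Mode, here is an added example (my own script, not CrowdStrike's tooling) that performs steps 2 and 3 with a dry-run switch so you can see what would be removed before touching anything. The -SystemDrive parameter is an assumption for the Recovery Environment, where the Windows volume may be mounted under a letter other than C:.

```powershell
# Added example, not CrowdStrike's official script. Run from an elevated
# PowerShell prompt in Safe Mode. Deletes only the channel file named in the
# guidance (C-00000291*.sys) and leaves every other sensor file in place.
param(
    [string]$SystemDrive = $env:SystemDrive,   # assumed: "C:" in Safe Mode, may differ in WinRE
    [switch]$WhatIf                            # list matching files without deleting them
)

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'

if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Host "No CrowdStrike driver directory found at $driverDir (sensor not installed, or wrong drive letter)."
    exit 1
}

# Match only the channel file pattern from the guidance; -File excludes directories.
$channelFiles = Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File

if (-not $channelFiles) {
    Write-Host "No file matching C-00000291*.sys in $driverDir - nothing to do."
    exit 0
}

foreach ($f in $channelFiles) {
    # Record name, size and timestamp before removal so there is a log of what was deleted.
    Write-Host ("{0}  {1,10} bytes  modified {2}" -f $f.Name, $f.Length, $f.LastWriteTime)
    if ($WhatIf) { continue }
    Remove-Item -LiteralPath $f.FullName -Force
    Write-Host "Deleted $($f.FullName)"
}

if (-not $WhatIf) {
    Write-Host "Done. Reboot the host normally (step 4)."
} else {
    Write-Host "Dry run only; re-run without -WhatIf to delete the file(s) listed above."
}
```

Run it once with -WhatIf first; on a host with the faulty update you should see exactly one matching file listed.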


This weekend is going to be a tough one for us IT and Cyber guys. Hang in there my brothers.


Stay safe out there.


-A


PS. In case you missed this week's news segment on KHON2 about how home solar is getting hacked, here's the link.

