Major IT outage affecting banks, airlines, media outlets across the world

jedibob5 , 4 hours ago

Reading into the updates some more… I’m starting to think this might just destroy CloudStrike as a company altogether. Between the mountain of lawsuits almost certainly incoming and the total destruction of any public trust in the company, I don’t see how they survive this. Just absolutely catastrophic on all fronts.

NaibofTabr , 4 hours ago

If all the computers stuck in boot loop can’t be recovered… yeah, that’s a lot of cost for a lot of businesses. Add to that all the immediate impact of missed flights and who knows what happening at the hospitals. Nightmare scenario if you’re responsible for it.

This sort of thing is exactly why you push updates to groups in stages, not to everything all at once.

rxxrc OP , 4 hours ago

Looks like the laptops are able to be recovered with a bit of finagling, so fortunately they haven’t bricked everything.

And yeah staged updates or even just… some testing? Not sure how this one slipped through.

dactylotheca , 3 hours ago

Not sure how this one slipped through.

I’d bet my ass this was caused by terrible practices brought on by suits demanding more “efficient” releases.

“Why do we do so much testing before releases? Have we ever had any problems before? We’re wasting so much time that I might not even be able to buy another yacht this year”

GoofSchmoofer , 2 hours ago

At least nothing like this happens in the airline industry

dactylotheca , 1 hour ago

Certainly not! Or other industries for that matter. It’s a good thing executives everywhere aren’t just concentrating on squeezing the maximum amount of money out of their companies and funneling it to themselves and their buddies on the board.

Sure, let’s “rightsize” the company by firing 20% of our workforce (but not management!) and raise prices 30%, and demand that the remaining employees maintain productivity at the level it used to be before we fucked things up. Oh and no raises for the plebs, we can’t afford it. Maybe a pizza party? One slice per employee though.

Munkisquisher , 4 hours ago

Yeah saw that several steel mills have been bricked by this, that’s months and millions to restart

gazter , 1 hour ago

Got a link? I find it hard to believe that a process like that would stop because of a few windows machines not booting.

TheBat , 1 hour ago

a few windows machines with controller application installed

That’s the real kicker.

IsThisAnAI , 3 hours ago

What lawsuits do you think are going to happen?

RegalPotoo , 3 hours ago

Agreed, this will probably kill them over the next few years unless they can really magic up something.

They probably don’t get sued - their contracts will have indemnity clauses against exactly this kind of thing, so unless they seriously misrepresented what their product does, this probably isn’t a contract breach.

If you are running crowdstrike, it’s probably because you have some regulatory obligations and an auditor to appease - you aren’t going to be able to just turn it off overnight, but I’m sure there are going to be some pretty awkward meetings when it comes to contract renewals in the next year, and I can’t imagine them seeing much growth

Skydancer , 1 hour ago

Nah. This has happened with every major corporate antivirus product. Multiple times. And the top IT people advising on purchasing decisions know this.

SupraMario , 48 minutes ago

Yep. This is just uninformed people thinking this doesn’t happen. It’s been happening since av was born. It’s not new and this will not kill CS they’re still king.

Wooki , 2 hours ago

Testing is production will do that

ThrowawaySobriquet , 2 hours ago

I think you’re on the nose, here. I laughed at the headline, but the more I read the more I see how fucked they are. Airlines. Industrial plants. Fucking governments. This one is big in a way that will likely get used as a case study.

rozodru , 1 hour ago

It’s just amatuer hour across the board. Were they testing in production? no code review or even a peer review? they roll out for a Friday? It’s like basic level start up company “here’s what not to do” type shit that a junior dev fresh out of university would know. It’s like “explain to the project manager with crayons why you shouldn’t do this” type of shit.

It just boggles my mind that if you’re rolling out an update to production that there was clearly no testing. There was no review of code cause experts are saying it was the result of poorly written code.

Regardless if you’re low level security then apparently you can just boot into safe and rename the crowdstrike folder and that should fix it. higher level not so much cause you’re likely on bitlocker which…yeah don’t get me started no that bullshit.

regardless I called out of work today. no point. it’s friday, generally nothing gets done on fridays (cause we know better) and especially today nothing is going to get done.

richtellyard , 5 hours ago

This is going to be a Big Deal for a whole lot of people. I don’t know all the companies and industries that use Crowdstrike but I might guess it will result in airline delays, banking outages, and hospital computer systems failing. Hopefully nobody gets hurt because of it.

RegalPotoo , 5 hours ago

Big chunk of New Zealands banks apparently run it, cos 3 of the big ones can’t do credit card transactions right now

oderus , 4 hours ago

It was mayhem at PakNSave a bit ago.

emmanuel_car , 4 hours ago

In my experience it’s always mayhem at PakNSave.

deadbeef79000 , 37 minutes ago

If anything, it’s probably calmed P’n’S down a bit…

index , 1 hour ago

cos 3 of the big ones can’t do credit card transactions right now

Bitcoin still up and running perhaps people can use that

kadotux , 4 hours ago (edited 4 hours ago)

Here’s the fix: (or rather workaround, released by CrowdStrike) 1)Boot to safe mode/recovery 2)Go to C:\Windows\System32\drivers\CrowdStrike 3)Delete the file matching “C-00000291*.sys” 4)Boot the system normally

StV2 , 4 hours ago

It’s disappointing that the fix is so easy to perform and yet it’ll almost certainly keep a lot of infrastructure down for hours because a majority of people seem too scared to try to fix anything on their own machine (or aren’t trusted to so they can’t even if they know how)

r00ty Admin , 4 hours ago

It might not even be that. A lot of places have many servers (and even more virtual servers) running crowdstrike. Some places also seem to have it on endpoints too.

That's a lot of machines to manually fix.

HaleHirsute , 4 hours ago

They also gotta get the fix through a trusted channel and not randomly on the internet. (No offense to the person that gave the info, it’s maybe correct but you never know)

kadotux , 4 hours ago

Yeah, and it’s unknown if CS is active after the workaround or not (source: hackernews commentator)

letsgo , 3 hours ago

True, but knowing what the fix might be means you can Google it and see what comes back. It was on StackOverflow for example, but at the time of this comment has been taken offline for moderation - whatever that means.

NaibofTabr , 4 hours ago

This sort of fix might not be accessible to a lot of employees who don’t have admin access on their company laptops, and if the laptop can’t be accessed remotely by IT then the options are very limited. Trying to walk a lot of nontechnical users through this over the phone won’t go very well.

AccountMaker , 2 hours ago

Yup, that’s me. We booted into safe mode, tried navigating into the CrowdStrike folder and boom: permission denied.

Munkisquisher , 4 hours ago

And people need to travel to remote machines to do this in person

thehatfox , 1 hour ago

Might seem easy to someone with a technical background. But the last thing businesses want to be doing is telling average end users to boot into safe mode and start deleting system files.

If that started happening en masse we would quickly end up with far more problems than we started with. Plenty of users would end up deleting system32 entirely or something else equally damaging.

CaptainBasculin , 4 hours ago

A driver failure, yeesh. It always sucks to deal with it.

cheeseburger , 3 hours ago

I’m on a bridge still while we wait for Bitlocker recovery keys, so we can actually boot into safemode, but the Bitkocker key server is down as well…

gnutrino , 3 hours ago

Gonna be a nice test of proper backups and disaster recovery protocols for some organisations

WagnasT , 1 hour ago

Man, it sure would suck if you could still get to safe mode from pressing f8. Can you imagine how terrible that’d be?

a_postmodern_hat , 28 minutes ago

You hold down Shift while restarting or booting and you get a recovery menu. I don’t know why they changed this behaviour.

bdonvr , 2 hours ago

The amount of servers running Windows out there is depressing to me

franklin , 1 hour ago

The four multinational corporations I worked at were almost entirely Windows servers with the exception of vendor specific stuff running Linux. Companies REALLY want that support clause in their infrastructure agreement.

Blackmist , 21 minutes ago

I’ve had my PC shut down for updates three times now, while using it as a Jellyfin server from another room. And I’ve only been using it for this purpose for six months or so.

I can’t imagine running anything critical on it.

sasquash , 3 hours ago

never do updates on a Friday.

rozodru , 1 hour ago

yeah someone fucked up here. I mean I know you’re joking but I’ve been in tech for like 20+ years at this point and it was always, always, ALWAYS, drilled into me to never do updates on Friday, never roll anything out to production on Friday. Fridays were generally meant for code reviews, refactoring in test, work on personal projects, raid the company fridge for beer, play CS at the office, whatever just don’t push anything live or update anything.

And especially now the work week has slimmed down where no one works on Friday anymore so you 100% don’t roll anything out, hell it’s getting to the point now where you just don’t roll anything out on a Thursday afternoon.

0x0 , 42 minutes ago

And especially now the work week has slimmed down where no one works on Friday anymore

Excuse me, what now? I didn’t get that memo.

meanmon13 , 26 minutes ago

Yeah it’s great :-) 4 10hr shifts and every weekend is a 3 day weekend

rozodru , 21 minutes ago

sorry :( yeah I, at most, do 3 days in the office now. Fridays are a day off and Mondays mostly everyone just works from home if at all. downtown Toronto on Mondays and Fridays is pretty much dead.

Blackmist , 18 minutes ago

Yep, anything done on Friday can enter the world on a Monday.

I don’t really have any plans most weekends, but I sure as shit don’t plan on spending it fixing Friday’s fuckups.

spyd3r , 1 hour ago

Never update unless something is broken.

Toribor , 57 minutes ago

This is fine as long as you politely ask everyone on the Internet to slow down and stop exploiting new vulnerabilities.

Ookami38 , 54 minutes ago

I think vulnerabilities found count as “something broken” and chap you replied to simply did not think that far ahead hahah

huginn , 4 minutes ago

For real - A cyber security company should basically always be pushing out updates.

iknowitwheniseeit , 50 minutes ago

BTW, I use Arch.

Passerby6497 , 19 minutes ago

That’s advice so smart you’re guaranteed to have massive security holes.

Damage , 3 hours ago

The thought of a local computer being unable to boot because some remote server somewhere is unavailable makes me laugh and sad at the same time.

Munkisquisher , 2 hours ago

A remote server that you pay some serious money to that pushes a garbage driver that prevents yours from booting

lanolinoil , 1 hour ago

yeah so you can’t get Chinese government spyware installed.

rxxrc OP , 2 hours ago

I don’t think that’s what’s happening here. As far as I know it’s an issue with a driver installed on the computers, not with anything trying to reach out to an external server. If that were the case you’d expect it to fail to boot any time you don’t have an Internet connection.

Windows is bad but it’s not that bad yet.

Sylence , 5 hours ago

Yep, stuck at the airport currently. All flights grounded. All major grocery store chains and banks also impacted. Bad day to be a crowdstrike employee!

iknowitwheniseeit , 43 minutes ago

My flight was canceled. Luckily that was a partner airline. My actual airline rebooked me on a direct flight. Leaves 3 hours later and arrives earlier. Lower carbon footprint. So, except that I’m standing in queue so someone can inspect my documents it’s basically a win for me. 😆

NaibofTabr , 4 hours ago

Wow, I didn’t realize CrowdStrike was widespread enough to be a single point of failure for so much infrastructure. Lot of airports and hospitals offline.

The Federal Aviation Administration (FAA) imposed the global ground stop for airlines including United, Delta, American, and Frontier.

Flights grounded in the US.

The System is Down

misk , 5 hours ago

My work PC is affected. Nice!

wreckedcarzz , 4 hours ago

Plot twist: you’re head of IT

R00bot , 4 hours ago

Same! Got to log off early 😎

Munkisquisher , 4 hours ago

Dammit, hit us at 5pm on Friday in NZ

BigRedUndead , 3 hours ago

4:00PM here in Aus. Absolutely perfect for an early Friday knockoff.

ililiililiililiilili , 4 hours ago

My dad needed a CT scan this evening and the local ER’s system for reading the images was down. So they sent him via ambulance to a different hospital 40 miles away. Now I’m reading tonight that CrowdStrike may be to blame.

alphacyberranger , 4 hours ago

One possible fix is to delete a particular file while booting in safe mode. But then they’ll need to fix each system manually. My company encrypts the disks as well so it’s going to be a even bigger pain (for them). I’m just happy my weekend started early.

Valmond , 3 hours ago

You have ta have access to boot in safe mode too, I guess I can’t on my work pc for example.

What a shitty workaround & might crowd strike burn in hell lol

alphacyberranger , 1 hour ago

Enjoy your weekend unless you are in IT

rozodru , 1 hour ago

that would only work for like low level people’s laptops. apparently if your role requires a more secure machine you also have to deal with bitlocker whiiiiiiich is tied in with crowdstrike soooooo no dice.

alphacyberranger , 33 minutes ago

Yeah that would be case in most laptops. So if bitlovker is involved as well what could be the possible fix.

rozodru , 17 minutes ago

I mean if your IT was smart, IF they were smart, they would have the bitlocker decryptions backed up on like a usb or something. IF you need to access the decryption via microsoft then you’re apparently borked for now.

alphacyberranger , 2 minutes ago

That would be funny

r00ty Admin , 3 hours ago

My favourite thing has been watching sky news (UK) operate without graphics, trailers, adverts or autocue. Back to basics.

UncleArthur , 4 hours ago

Annoyingly, my laptop seems to be working perfectly.

Valmond , 3 hours ago

That’s the burden when you run Arch, right?

Damage , 3 hours ago

lol he said it’s working

jedibob5 , 5 hours ago

Huh. I guess this explains why the monitor outside of my flight gate tonight started BSoD looping. And may also explain why my flight was delayed by an additional hour and a half…

solomon42069 , 3 hours ago

Why is no one blaming Microsoft? It’s their non resilient OS that crashed.

blackn1ght , 2 hours ago

Probably because it’s a Crowdstrike issue, they’ve pushed a bad update.

solomon42069 , 2 hours ago

OK, but people aren’t running Crowdstrike OS. They’re running Microsoft Windows.

I think that some responsibility should lie with Microsoft - to create an OS that

1. Recovers gracefully from third party code that bugs out
2. Doesn’t allow third party software updates to break boot

I get that there can be unforeseeable bugs, I’m a programmer of over two decades myself. But there are also steps you can take to strengthen your code, and as a Windows user it feels more like their resources are focused on random new shit no one wants instead of on the core stability and reliability of the system.

It seems to be like third party updates have a lot of control/influence over the OS and that’s all well and good, but the equivalent of a “Try and Catch” is what they needed here and yet nothing seems to be in place. The OS just boot loops.

EnderMB , 1 hour ago

It’s not just Windows, it’s affecting services that people that primarily use other OS’s rely on, like Outlook or Federated login.

In these situations, blame isn’t a thing, because everyone knows that a LSE can happen to anyone at any time. The second you start to throw stones, people will throw them back when something inevitably goes wrong.

While I do fundamentally agree with you, and believe that the correct outcome should be “how do we improve things so that this never happens again”, it’s hard to attach blame to Microsoft when they’re the ones that have to triage and ensure that communication is met.

solomon42069 , 1 hour ago

I reckon it’s hard to attach blame to Microsoft because of the culture of corporate governance and how decisions are made (without experts).

Tech has become a bunch of walled gardens with absolute secrecy over minor nothings. After 1-2 decades of that, we have a generation of professionals who have no idea how anything works and need to sign up for $5 a month phone app / cloud services just to do basic stuff they could normally do on their own on a PC - they just don’t know how or how to put the pieces together due to inexperience / lack of exposure.

Whether it’s corporate or government leadership, the lack of understanding of basics in tech is now a liability. It’s allowed corporations like Microsoft to set their own quality standards without any outside regulation while they are entrusted with vital infrastructure and to provide technical advisory, even though they have a clear vested interest there.

lanolinoil , 1 hour ago

banks wouldn’t use something that black box. just trust me bro wouldn’t be a good pitch

barsquid , 1 hour ago

AFAICT Microsoft is busy placing ads on everything and screen logging user activity instead of making a resilient foundation.

For contrast: I’ve been running Fedora Atomic. I’m sure it is possible to add some kernel mod that completely breaks the system. But if there was a crash on boot, in most situations, I’d be able to roll back to the last working version of everything.