
97% of Devices Disrupted by CrowdStrike Restored as Insurer Estimates Billions in Losses

CrowdStrike says 97% of Windows systems impacted by its bad update are back online, just as an insurer predicts billions in losses for major companies. The post 97% of Devices Disrupted by CrowdStrike Restored as Insurer Estimates Billions in Losses appeared first on SecurityWeek.


CrowdStrike on Thursday said more than 97% of the Windows computers disrupted by its bad update were back online. The incident is expected to cause billions in direct losses for major companies.

“Our recovery efforts have been enhanced thanks to the development of automatic recovery techniques and by mobilizing all our resources to support our customers,” CrowdStrike CEO George Kurtz said on Thursday in a post on LinkedIn.

The cybersecurity giant has shared a preliminary incident review, explaining why the update that caused global chaos was not caught by testing.

The update, pushed out on July 19, caused roughly 8.5 million devices to enter a Blue Screen of Death (BSOD) loop, causing problems for airports, healthcare organizations, banks and other entities.

CrowdStrike, with help from Microsoft, rushed to restore impacted systems, but remediation has taken longer in some cases. 

US House leaders want Kurtz to testify to Congress about the company’s role in sparking the widespread outage. 

CrowdStrike also faced backlash this week over the $10 Uber Eats vouchers it sent out to impacted teammates and partners who have been helping customers through this situation. 

Organizations and users have been warned that cybercriminals are leveraging this incident for phishing, scams and malware delivery.

CrowdStrike’s most recent alert warns customers that threat actors have been attempting to deliver the Lumma stealer malware disguised as a Falcon sensor update. 

In addition, some hackers are trying to get attention by making exaggerated claims. One such hacker, known online as USDoD, leaked what he described as CrowdStrike’s “entire threat actor list”, but the security firm clarified that the information is available to tens of thousands of customers, partners, and prospects, as well as hundreds of thousands of users. The company noted that USDoD is known for making exaggerated claims. 

CrowdStrike shares plunged following the incident and the company lost billions in market value. In addition, it will likely have to face lawsuits and incur other expenses related to incident response. 

CrowdStrike customers will likely also suffer significant losses due to the incident. Cloud outage analytics and insurance solutions provider Parametrix estimates that the total direct financial loss for US Fortune 500 companies — excluding Microsoft — is $5.4 billion, with airlines suffering the biggest losses ($143 million on average).

“A quarter of the Fortune 500 was impacted (125 corporations), including 100% of airlines in the cohort, and 43% of retailer & wholesaler companies. About three quarters of health and banking sector firms suffered direct costs. Beyond such primary financial losses, CrowdStrike’s impact on critical services resulted in a cascade of operational delays affecting the Fortune 500 companies and their downstream entities,” Parametrix said.

The insurer told Reuters that financial losses caused by the outage globally could total roughly $15 billion.

*article updated as it inaccurately stated that customers received $10 vouchers when in fact they were sent to teammates and partners who have been helping customers through this situation. 
