CrowdStrike has officially launched the "Remediation and Guidance Hub," a comprehensive page dedicated to presenting every fact and step in dealing with the recent Windows outage that crashed millions of computers worldwide.
The page reportedly contains technical details on the cause of the outage, the impacted services, and a statement from CEO George Kurtz. It also includes links to several third-party vendor pages for handling the outage and procedures for recovering BitLocker keys.
The page links to a knowledge base article about utilizing a bootable USB key, which is only accessible to customers who are logged in. Such a tool, which Microsoft launched yesterday, instantly removes the problematic channel file that was causing computers to blue screen.
According to CrowdStrike, businesses should only communicate directly with the company's representatives through legitimate channels and follow the advice given by its support staff.
Global Windows Outage
About 8.5 million computers crashed during the most recent worldwide Windows outage on Friday, July 19. This outage affected vital infrastructure, grounded aircraft, and interfered with television broadcasts.
Cybersecurity experts reportedly called the attack "unprecedented" due to its scale. It impacted some of the biggest corporations globally and even several companies and other facilities abroad.
According to reports, a bug patched overnight by cybersecurity company CrowdStrike prevented compromised devices from booting correctly.
Even though CrowdStrike reversed the update, the rollback does nothing to help machines that were already impacted. The company has supplied a fix that involves booting the system in a specific mode and manually deleting the problematic file. This procedure necessitates administrator access, which presents a problem for remotely managed systems.
Fake CrowdStrike Scams
The release of CrowdStrike's guidance hub coincides with reports that threat actors are using data wipers and remote access tools to attack businesses, taking advantage of the significant disruption caused by CrowdStrike's glitchy update.
Researchers and government agencies have noticed a rise in phishing emails attempting to take advantage of the situation as businesses seek assistance to fix impacted Windows hosts.
The National Cyber Security Centre (NCSC) of the United Kingdom also issued a warning stating that it has noticed a rise in phishing emails meant to exploit the downtime.
AnyRun, an automated malware analysis tool, has detected a rise in attempts to impersonate CrowdStrike, which may be a sign of phishing.
Cybersecurity researcher g0njxa first revealed on Saturday the malware operation that targeted BBVA bank clients and delivered a phony CrowdStrike Hotfix update that installed the Remcos RAT.
Portalintranetgrupobbva[.]com, a phishing website that impersonated a BBVA Intranet portal, was used to spread the false hotfix.
The malicious package contains instructions for partners and staff to install the update to prevent issues when connecting to the company's internal network.