UPDATE (19/07/2024): After a major Crowdstrike issue left many Windows machines with the dreaded blue screen of death and Capitec’s services affected on the morning of Friday, 19 July, the bank has reached out to Stuff to confirm that all its banking services had been restored and that users could relax knowing that their bank accounts and data remain secure.
“We recognise the inconvenience this has caused and wish to provide clarity and assurance to our valued clients,” Capitec said. “Our tech team has worked quickly to resolve the problem – we are pleased to report that all our banking has now been fully restored. Importantly, we want to reassure our clients that their bank accounts and personal data remain secure and unaffected by this incident,” it concluded.
ORIGINAL STORY:
There’s a good chance that when you woke up this morning, Crowdstrike was as unfamiliar a name as Joe two doors down. By this evening, however, it’ll have become a household name spoken with the same dread as He Who Must Not Be Named. Why? It might have something to do with the fact that it’s blue-screening Windows machines worldwide, bringing down banks and even taking airports offline. And it’s only been a few hours.
Someone put Crowdstrike in a bowl of rice
South Africans began noticing issues with Capitec’s online services as early as 07h00 this morning, according to downdetector.co.za, before the bank itself confirmed that “due to an unexpected issue with an international service provider, we are currently experiencing nationwide service disruptions,” noting that its ATMs and card payment services were still up and running.
That “international service provider” is believed to be CrowdStrike, a cybersecurity firm based in the US. A report from Reuters confirms that the outages affecting Windows machines, banks, airlines, and many business servers worldwide are linked to CrowdStrike. The issue was first noticed in Australia and New Zealand before reports began arriving from the rest of the world.
According to The Verge, the issues are caused by a “faulty update” to CrowdStrike’s software, which is used by many businesses globally. The update knocked plenty of Windows machines and servers offline, leaving some stuck in a recovery boot loop and others showing the blue screen of death (BSOD), as it’s more commonly known.
“We have widespread reports of BSODs on Windows hosts, occurring on multiple sensor versions,” said CrowdStrike in a support note issued earlier today that’s locked behind a registration wall. It continued by saying it had identified the problem and reverted the faulty update, though that does not help devices that are already failing to boot.
However, according to Brody Nisbet (via The Register), CrowdStrike’s chief threat hunter, a “faulty update” isn’t the cause of the outages, but rather a “faulty channel file.” You don’t need to know what those words mean, fortunately, because Nisbet offers a workaround for those who cannot bypass the BSOD on Windows.
- Boot Windows into Safe Mode or WinRE (the Windows Recovery Environment).
- Go to C:\Windows\System32\drivers\CrowdStrike
- Locate and delete the file matching “C-00000291*.sys”
- Boot normally.
Unfortunately, in another reply on X, Nisbet notes that the workaround “won’t help everyone though.”
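For admins working through a fleet of affected hosts, here is the same workaround as a script; it is an added example, not code from the article or from CrowdStrike. It assumes PowerShell is available in the recovery session, that the OS volume letter is passed in (under WinRE the system volume is often not C:), and the log path is a hypothetical choice; it deletes only the pattern Nisbet names and records each file’s hash first, so the change can be audited afterwards.

```powershell
# Added example: apply the C-00000291*.sys workaround with an audit record.
# Assumes: run from Safe Mode or WinRE with PowerShell available; the OS
# volume letter is supplied (WinRE frequently mounts it as D: or another letter).
param(
    [string]$SystemDrive = "C:",
    [string]$LogPath = "$env:TEMP\crowdstrike-workaround.log"   # hypothetical path
)

$dir = Join-Path $SystemDrive "Windows\System32\drivers\CrowdStrike"
if (-not (Test-Path $dir)) {
    Write-Host "Directory not found: $dir (check the drive letter under WinRE)."
    exit 1
}

# Match only the pattern given in the workaround; leave every other sensor file alone.
$files = Get-ChildItem -Path $dir -Filter "C-00000291*.sys" -File
if (-not $files) {
    Write-Host "No C-00000291*.sys files found in $dir; nothing to do."
    exit 0
}

foreach ($f in $files) {
    # Record name, timestamp and SHA-256 before removal so the action is traceable.
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $line = "{0} DELETE {1} LastWriteUtc={2} SHA256={3}" -f (Get-Date -Format o),
        $f.FullName, $f.LastWriteTimeUtc.ToString("o"), $hash
    Add-Content -Path $LogPath -Value $line
    Remove-Item -Path $f.FullName -Force
    Write-Host "Removed $($f.Name)"
}

Write-Host "Done. Record written to $LogPath. Reboot normally."
```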
There are still many developing reports of airlines across the US and Europe grounding flights due to the Crowdstrike issue, while TV broadcasters are also experiencing troubles.