The CEO of cybersecurity firm CrowdStrike has apologized for causing global IT disruption with a software update.
On Friday morning (July 19), thousands of Windows computers started crashing. The resulting pandemonium engulfed airports, banks and supermarkets, causing widespread disruption around the world.
Experts immediately pointed to CrowdStrike, a US-based company whose popular cyberattack protection software is used by thousands of businesses around the world.
CrowdStrike CEO George Kurtz today said the tech company is “deeply sorry” for the issue and the global disruption it caused. In an interview with NBC, Kurtz said a faulty update containing a “software bug” was the cause, confirming what others from the company said Friday.
“We recognized this very quickly and solved the problem,” Kurtz said, adding that the system was constantly being updated to prevent “enemies out there”.
Here’s what you need to know about CrowdStrike, the company at the center of an “unprecedented” global technology blackout.
On Friday morning (July 19), many Windows devices started crashing and showing users a blue screen of death (BSOD) error.
CrowdStrike has apologized for the outage, with the firm acknowledging the problem with its flagship Falcon product shortly after the system failure came to light.
Although CrowdStrike boss Kurtz says the problem has been resolved, he warns it could be “some time” before the system returns to normal for others.
“That’s our mission … to make sure that every customer has a full recovery,” Kurtz said.
Why wait? For general users this issue is likely “still in the system, and it will take time to flush through,” according to James Davenport, Hebron and Medlock professor of information technology, University of Bath.
US-based CrowdStrike is one of the world’s most popular cyber security providers with a market capitalization of $83.48bn (£64.62bn).
To give an idea of the size of the company, CrowdStrike says it had 29,000 customers worldwide by the end of 2023, including more than 580 customers with deals worth $1m (£774,000).
CrowdStrike’s flagship product is Falcon, which is cloud-based software built to keep hackers away from your work computer. Think of it like a little watchdog attached to your computer that constantly monitors suspicious activity and sends that information to CrowdStrike’s command center in the cloud for analysis using AI.
If a threat is detected, Falcon can take immediate action by quarantining infected files or devices, blocking access to malicious websites or networks, or terminating malicious processes.
What did CrowdStrike say about the outage?
On Friday morning, CrowdStrike said an “erroneous channel file” was to blame for the problem with the service after first confirming the error on Windows devices.
The announcement follows a series of reports claiming botched updates released by the company have crashed Windows PCs around the world, a ripple effect that has disrupted flights, delayed trains, closed supermarkets and taken out TV stations.
Computers affected by the change have been showing a blue screen error, which means they try to reboot but the reboot fails and does not resolve the problem.
Shortly after acknowledging the problem with the software, CrowdStrike director of threat hunting Brody Nisbet said on X (formerly Twitter): “There is an incorrect channel file, so there is no update.”
A few hours later, CrowdStrike CEO George Kurtz apologized for the widespread tech disaster, and blamed a buggy update that broke Microsoft’s Windows operating system.
Asked if there was any chance this could be a cyberattack, Kurtz said no.
“It’s not a cyber attack. It’s related to this, updating this content,” he told NBC.
What did the authorities say?
The outage was first reported in Australia, and the country’s national cyber security coordinator has issued a statement on X, saying it is aware of a large-scale technical outage affecting several companies and services.
“Current information is that this outage is related to technical issues with third-party software platforms used by the affected companies,” the statement read.
What do the experts say about the outage?
Even before CrowdStrike’s CEO commented on the issue, experts were generally convinced that the global outage was not due to a cyber attack. Still, they say the scale of the problem is unprecedented, especially given the presence of CrowdStrike Falcon and its high level of control over Windows PCs.
“The software is pervasive – on many if not all machines of a certain type – so a fault in the security software can bring down many computers at once,” said Professor McDermid, from the Institute for Secure Autonomy, University of York.
“Falcon is a privileged piece of software because it can affect the way computers are installed,” said Toby Murray, associate professor in the School of Computers and Information Systems at the University of Melbourne.
“This has become a global phenomenon because CrowdStrike is a very large company, and many companies and organizations use it to detect and protect against threats,” said Dave Parry, dean and professor at the School of IT at Murdoch University in Perth, Australia.
Prof Parry continued: “The problem will affect a huge number of machines around the world. It’s not a cyber attack, it’s just the interaction of two pieces of software.”
What to do if your Windows PC dies?
Wondering how to fix a malfunctioning PC? CrowdStrike’s Nisbet has delivered a partial solution that can do the trick, as long as you have the IT skills to implement it.
The solution, which includes deleting certain files on the affected computer, is:
1. Boot Windows into Safe Mode or Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Find the file corresponding to “C-00000291*.sys” and delete it.
4. Boot the host normally.
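For administrators repeating steps 2 and 3 on many hosts, the same deletion can be scripted. This PowerShell script is an added example, not code from CrowdStrike or the original article; it assumes an elevated prompt in Safe Mode, and its parameter names are the example's own.

```powershell
# Added example: scripted form of steps 2 and 3 of the workaround.
# The directory and file pattern are the ones given in the steps;
# the parameter names are hypothetical and belong to this example only.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Assumption: Windows is installed where %SystemRoot% points (normally C:\Windows).
    [string]$WindowsDir = $env:SystemRoot,
    [string]$Pattern    = 'C-00000291*.sys'
)

$driverDir = Join-Path $WindowsDir 'System32\drivers\CrowdStrike'

# Stop early if the Falcon driver directory is not present on this host.
if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    Write-Warning "Directory not found: $driverDir. Nothing to do."
    return
}

# -File skips directories; -Force includes hidden and system files.
$channelFiles = @(Get-ChildItem -LiteralPath $driverDir -Filter $Pattern -File -Force)

if ($channelFiles.Count -eq 0) {
    Write-Output "No files matching $Pattern in $driverDir."
    return
}

# Show what is about to be removed so there is a record of it.
$channelFiles |
    Select-Object Name, Length, LastWriteTimeUtc |
    Format-Table -AutoSize

foreach ($file in $channelFiles) {
    # ShouldProcess honours -WhatIf and prompts for confirmation per file.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Output "Deleted $($file.Name)"
    }
}

Write-Output 'Finished. Boot the host normally (step 4).'
```

Running it with `-WhatIf` lists the matching files without deleting anything.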
However, Prof Davenport warned affected users not to reboot or restart their machines until they get the all-clear from CrowdStrike and Microsoft, adding, “Don’t accept the ‘it’s gone’ statement.”