This page contains technical information about what caused the outage, affected systems, and a statement from CEO George Kurtz. It also contains links to the BitLocker key recovery process and various third-party vendor pages on handling outages.
This page points to a knowledge base article about using a bootable USB flash drive (accessible only to logged-in customers). Microsoft yesterday released a tool that can automatically delete problematic channel files that cause blue screens on machines.
CrowdStrike also published a blog yesterday, warning that threat actors have been taking advantage of the situation to spread malware, using “a malicious ZIP archive named crowdstrike-hotfix.zip.”
The ZIP archive contains a HijackLoader payload that loads Remcos at execution time. Of note, the Spanish file names and descriptions in the ZIP archive indicate that the campaign may be targeting CrowdStrike customers in Latin America (LATAM).
Following the content update issue, multiple fake domains posing as CrowdStrike have been identified. This campaign marks the first time threat actors have been observed exploiting Falcon content issues to distribute malicious files targeting CrowdStrike customers in Latin America.
CrowdStrike says organizations should work with CrowdStrike representatives only through official channels and use only the guidance provided by its support team.