Nationwide computer outage

[nzoomed]

Affecting banks and supermarkets.
Also affecting Australia.
I suspect a cyber attack.
https://www.1news.co.nz/2024/07/19/custo...g-outages/

[king1]

looking that way isn't it? the odd thing about that one are the reports of blue screens and startup failures, that would suggest either coincidence or malware of some description...

[king1]

NZHerald are suggesting Global network issues

'Large-scale technical outage'
The issue appeared to relate to an issue with global cybersecurity firm CrowdStrike, an Australian government spokesman told Reuters.
Australia's National Cyber Security Coordinator posted on X (formerly Twitter): "I am aware of a large-scale technical outage affecting a number of companies and services across Australia this afternoon".
The office continued: "Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies.
"There is no information to suggest it is a cyber security incident. We continue to engage across key stakeholders."

https://www.nzherald.co.nz/nz/bank-probl...G5PA6U3TQ/


Stage 2 of a Fire Sale - what's the transport systems like at your end
https://diehard.fandom.com/wiki/Fire_Sale

[nzoomed]

looking that way isn't it? the odd thing about that one are the reports of blue screens and startup failures, that would suggest either coincidence or malware of some description...

Yes I was looking at that.
Looks like its MS windows thats affected, wasnt there a major exploit discovered in windows where Microsoft was warning everyone to patch through windows update recently?
It might have been this:
https://www.securityweek.com/microsoft-w...exploited/

Edit: looks like crowdstrike update may be the cause

[Lilith7]

If these cyber attacks continue,& become widespread, the world may need to return to using cash only...

[nzoomed]

If these cyber attacks continue,& become widespread, the world may need to return to using cash only...

Probably for the better, this demonstrates digital currency is not dependable, especially during disasters.

[Oh_hunnihunni]

Well, Luxon would go on about China in his cosy up tour to the US. Dear ex Leader Helen and that horrible brash bloke did warn him...

https://www.helenclarknz.com/my-diary/st...c-security

[zqwerty]

official workaround:

Boot Windows into Safe Mode or Recovery Environment
Navigate to C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching "C-00000291*.sys", and delete it.
Boot the host normally.

Update:
You only need to do the workaround where the host can't boot to get the online file changes.

https://supportportal.crowdstrike.com/s/...2024-07-19

From here:

https://old.reddit.com/r/sysadmin/commen..._stuck_at/

Summary

CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor.

Details

Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.

Current Action

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue:

Workaround Steps:

Boot Windows into Safe Mode or the Windows Recovery Environment

Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

Locate the file matching “C-00000291*.sys”, and delete it.

Boot the host normally.

Latest Updates

[king1]

official workaround:

    Boot Windows into Safe Mode or Recovery Environment
    Navigate to C:\Windows\System32\drivers\CrowdStrike directory
    Locate the file matching "C-00000291*.sys", and delete it.
    Boot the host normally.

https://supportportal.crowdstrike.com/s/...2024-07-19

From here:

https://old.reddit.com/r/sysadmin/commen..._stuck_at/

good find, looks like a driver issue - must be a component in a remote support/monitoring agent application maybe...

[Agent_24]

Some idiot on the dev team probably pushed an untested patch to production by accident

[zqwerty]

Tech Alert | Windows crashes related to Falcon Sensor | 2024-07-19printFavoriteCloud: US-1EU-1US-2Published Date: Jul 19, 2024
Summary

CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor.
Details

Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.
Current Action

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue:
Workaround Steps:

Boot Windows into Safe Mode or the Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys”, and delete it.
Boot the host normally.

Latest Updates

2024-07-19 05:30 AM UTC | Tech Alert Published.
2024-07-19 06:30 AM UTC | Updated and added workaround details.

EDIT:
Need a CS login to view actual article
Tech Alert | Windows crashes related to Falcon Sensor | 2024-07-19 (crowdstrike.com)

[king1]

Amazing how widespread it is - just one innocuous third party application taking down all these critical systems

[zqwerty]

May be useful to someone:

Supposedly you fix it even without having the bitlocker key:

Cycle through BSODs until you get the recovery screen.
Navigate to Troubleshoot>Advanced Options>Startup Settings
Press "Restart"
Skip the first Bitlocker recovery key prompt by pressing Esc
Skip the second Bitlocker recovery key prompt by selecting Skip This Drive in the bottom right
Navigate to Troubleshoot>Advanced Options> Command Prompt
Type "bcdedit /set {default} safeboot minimal". then press enter.
Go back to the WinRE main menu and select Continue.
It may cycle 2-3 times.
If you booted into safe mode, log in per normal.
Open Windows Explorer, navigate to C:\Windows\System32\drivers\Crowdstrike
Delete the offending file (STARTS with C-00000291*. sys file extension)
Open command prompt (as administrator)
Type "bcdedit /deletevalue {default} safeboot"., then press enter. 5. Restart as normal, confirm normal behavior.

---

CrowdStrike Windows Outage—What Happened And What To Do Next

https://www.forbes.com/sites/kateoflaher...o-do-next/

[harm_less]

Amazing how widespread it is - just one innocuous third party application taking down all these critical systems

Maybe treat this as a valuable lesson on how reliant the world is on digital control systems. A dry run for the much longer term scenario that would occur in the event of coronal mass ejection or electromagnetic pulse weapon strike. In those cases the loss of communications and functionality of any electronically dependent device would be lost for very much longer than this 'blip', some permanently.

[nzoomed]

Amazing how widespread it is - just one innocuous third party application taking down all these critical systems

I'm unsure how many home users will be affected,  but seems to be more with the crowdstrike product called falcon.
I've personally never encountered it, bit it's possible it's bundled with other software unbeknown to the user.

Anyway here is a good meme doing the rounds.
   

[Oh_hunnihunni]

Ahhh, human error. Who'da thunk it.

I prefer the conspiracy theory. Much more interesting, lol.

[Lilith7]

Dogs are right, humans are nuts.

[Lilith7]

Ahhh, human error. Who'da thunk it.

I prefer the conspiracy theory. Much more interesting, lol.

Well, you know this denial & claim of human error could be a part of a conspiracy....

[harm_less]

Ahhh, human error. Who'da thunk it.

I prefer the conspiracy theory. Much more interesting, lol.

Well, you know this denial & claim of human error could be a part of a conspiracy....

The whole event is pretty damning for the introduction of cashless banking systems. So who stands to benefit in that case?

[Oh_hunnihunni]

I haven't followed that debate, but I suspect anything digital benefits the tech industry, and those few who own it.