The page contains technical details about what caused the outage, which systems are affected, and CEO George Kurtz's statement. It includes links to BitLocker key recovery processes and various third-party vendor pages on outage management.
The page points to a knowledge base article (which only authenticated customers can access) on using a bootable USB key. Microsoft released one such tool yesterday that automatically deletes the problematic channel file that caused machines to blue screen.
CrowdStrike also published a blog post yesterday warning that threat actors have taken advantage of the situation to distribute malware using “a malicious ZIP archive referred to as crowdstrike-hotfix.zip.”
The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos. Specifically, the Spanish file names and instructions within the ZIP archive indicate that this campaign likely targets CrowdStrike customers in Latin America (LATAM).
Following the content update issue, several typosquatting domains impersonating CrowdStrike have been identified. This campaign marks the first observed instance of a threat actor leveraging the Falcon content issue to distribute malicious files targeting CrowdStrike customers in LATAM.
CrowdStrike says organizations should work directly with CrowdStrike representatives only through official channels and should only use guidance provided by its support team.