THE CURRENT → THE BEAT Issue 1021 · July 24, 2024

Blue Screen

What happened? What can be done? What does this mean for the future of cybersecurity?

CrowdStrike, until last Thursday an obscure tech company, is now notorious for bringing the global economy to a shuddering halt. A corrupted update in its software crippled multiple industries around the world, from stock exchanges to aviation and pharmacies.
What happened? What can be done? What does this mean for the future of cybersecurity? And what can the world do to protect itself from technological Armageddon?

 

What went wrong?

On Thursday, July 18, the Texas-based cybersecurity company CrowdStrike updated its Falcon antivirus software for business systems using Microsoft Windows. Falcon interacts with Microsoft 365, Amazon Web Services, and Instagram, among others. A bug in the update brought these systems to their knees, affecting 8.5 million Windows devices worldwide. Users saw the dreaded Blue Screen of Death (BSOD), a Windows message indicating a system crash. Rival operating systems Linux and macOS were unaffected.

What were the consequences?

Risk management firm Interos reported that 674,620 customers were directly affected, and 49 million indirectly. The largest share of affected organizations, 41%, were in the US, followed by 28% across Europe. Worryingly, 82% of US state governments and 48% of the largest US cities use CrowdStrike. The effects are difficult to quantify. More than 5,000 flights were canceled. Trains couldn’t run, and hospitals, pharmacies, broadcasters, and banks ceased functioning. Ports from Los Angeles to Rotterdam were shut down. Visa, which processes 8,000 transactions per second, was hit too.

Who was affected?

No personal devices were impacted, but businesses across a wide range of industries were hit. The most visible effects were on consumer-facing firms like airlines, railway operators, banks, retailers, pharmacies, health care providers, and credit card processors. Ports, emergency services, stock exchanges, broadcasters, and payroll software providers were hit too.

How can it be fixed?

CrowdStrike has issued a fix, but it will need to be applied separately to each affected device. Computers will need to be manually rebooted in safe mode, which will be a colossal headache. Microsoft advised clients to turn devices off and on again up to 15 times to reboot, and CrowdStrike advised IT experts to delete a specific file. CrowdStrike has acknowledged that it could take anywhere between hours and days to resolve this issue. Cybersecurity expert Eric O’Neil estimated it would take three to five days for things to return to normal.
