Editor’s note: Check out our frequently updated live blog All the latest updates on the Microsoft/CrowdStrike outage.
IT systems around the world are still working to restore operations after a CrowdStrike update caused a massive global outage on Windows computers last Friday, affecting countless businesses and organizations, including airlines, hospitals, banks and telecommunications companies.
Since then, unrelated political events have drawn global attention and some of the criticism of CrowdStrike has subsided. But that doesn’t mean the security company’s woes are over. CrowdStrike CEO George Kurtz warned that the organization is still dealing with the fallout days later and that it may be weeks before it sees a full recovery.
The tweet may have been deleted
It’s been three days since the CrowdStrike global Windows outage.
CrowdStrike outage affects 8.5 million Windows computers
Microsoft revealed in a blog post on Saturday that an estimated 8.5 million Windows devices were affected by the CrowdStrike update, an undoubtedly huge number, but the company noted that it still represents “less than 1% of all Windows machines.”
“While the percentage is small, it reflects the broader economic and societal impact of CrowdStrike’s use by companies that run many essential services,” wrote David Weston, Microsoft’s vice president of enterprise and operating system security.
Mashable Lightspeed
Hundreds of U.S. flights remain canceled or delayed
Recovery times are displayed on a flight information screen in Terminal 2 at Chicago O’Hare International Airport on July 19, 2024 in Chicago, Illinois.
Credit: Anna Moneymaker/Getty Images
Airlines are working to get back on track but the effects of the CrowdStrike outage are still being felt. Flight tracking service FlightAware reported that 1,970 flights to, from and within the United States were canceled on Sunday and 9,934 were delayed.
By comparison, on Thursday, the day before the blackout, there were 932 flight cancellations and 12,579 delays.
Bad actors disguise their malware as CrowdStrike fixes
Amid the chaos on Friday, CrowdStrike CEO George Kurtz warned people to be wary of bad actors trying to exploit the situation. CrowdStrike issued a workaround for the outage, but the risk remains that malware disguised as a fix will be the first thing panicked white-collar workers encounter.
It was a fitting warning. Bleeping Computer reports that in at least two malicious campaigns, bad actors posed as CrowdStrike or BBVA Bank and instructed users to install malware. These bad actors falsely claimed that the software was an update to fix issues with CrowdStrike, but in reality it was taking over users’ computers or wiping their data.
The tweet may have been deleted
CrowdStrike outage could cost billions
As the dust settles, many are wondering who will pay for the financial damage caused by the global outage. It’s difficult to calculate the cost of CrowdStrike’s outage at this early stage, as systems are still being restored, but experts claim the figure could reach billions of dollars.
Whether CrowdStrike’s customers can sue the company for damages will depend on factors such as the exact terms of their contracts and whether the company breached them. If they can’t, victims could try to make claims such as negligence. Either way, New Zealand law firm Russell McVeagh believes a class action lawsuit is a “real possibility” given the scale of the outage.
An information screen at the Canal Street subway station in New York City on July 19, 2024 informs travelers that train schedules are not being broadcast due to a global technical outage.
Credit: Adam Gray/Getty Images
Insurers are also preparing for a flood of claims over the CrowdStrike outage, but the success of claimants will depend on the type of insurance they have: Given that the outage was not the result of a malicious attack and did not involve property damage, many are likely not to be compensated.
CrowdStrike’s shares have plummeted about 22% since Friday’s outage, wiping about $16 billion in value, and it could face further losses if it is forced to pay compensation.
