What is CrowdStrike? Security firm at the heart of global tech outage

The CEO of cybersecurity firm CrowdStrike has apologised for triggering a global IT outage with a software update.

In the early hours of Friday morning (July 19), thousands of Windows computers began crashing. The resulting pandemonium knocked out airports, banks and supermarkets in its wake, causing widespread disruption around the world.

Experts immediately pointed the finger at CrowdStrike, a US-based company whose popular cyberattack-protection software is used by thousands of businesses around the world.

CrowdStrike CEO George Kurtz has now said the tech firm is “deeply sorry” for the issue and the global disruption it has wrought. In an interview with NBC, Kurtz said a faulty update that contained a “software bug” was the culprit, confirming what others from the firm had said earlier on Friday.

"We identified this very quickly and remediated the issue," Kurtz said, adding that its systems were constantly being updated to ward off “adversaries that are out there”.

Here’s what you need to know about CrowdStrike, the company at the heart of an “unprecedented” global tech outage.

What happened?

In the early hours of Friday morning (July 19), scores of Windows devices started crashing and showing users a blue screen of death (BSOD) error.

CrowdStrike has apologised for the outage, with the firm acknowledging a problem with its flagship product Falcon shortly after the system failure came to light.

When will it be fixed?

Although CrowdStrike’s boss Kurtz said the problem had been fixed on its end, he warned it could be “some time” before systems return to normal for everyone else.

"It's our mission... to make sure that every customer is fully recovered," Kurtz said.

Why the wait? For general users, the issue is likely “still in the system, and will take time to flush through,” according to James Davenport, Hebron and Medlock professor of information technology, University of Bath.

What is CrowdStrike?

Ryanair was among many firms affected by the global IT outage (Nicholas T Ansell / PA)

US-based CrowdStrike is one of the world’s most popular cybersecurity providers with a market cap of $83.48bn (£64.62bn).

To give you an idea of just how big the firm is, CrowdStrike said it had 29,000 subscribers worldwide at the end of 2023, including more than 580 patrons with deals worth $1m (£774,000).

CrowdStrike’s main product is Falcon, cloud-based software built to keep hackers out of your work computer. Think of it like a tiny guard installed inside your computer that constantly keeps watch for suspicious activity and beams this info back to CrowdStrike’s command centre in the cloud to analyse using AI.

If a threat is detected, Falcon can take immediate action by quarantining infected files or devices, blocking access to dodgy websites or networks, or terminating any malicious processes.

What has CrowdStrike said about the outage?

On Friday morning, CrowdStrike said a “faulty channel file” was to blame for issues with its service after initially confirming the errors on Windows devices.

The announcement followed numerous reports claiming a botched update released by the firm had buckled Windows PCs worldwide, the ripple effects of which grounded flights, delayed trains, shuttered supermarkets and took TV stations off the air.

Computers affected by the change have been getting a blue screen error, which means they are trying to reboot but effectively can’t and so are rendered useless.

Shortly after it had conceded a problem with its software, CrowdStrike's director of threat hunting Brody Nisbet said on X (formerly Twitter): “There is a faulty channel file, so not quite an update.”

Hours later, CrowdStrike CEO George Kurtz apologised for the widespread tech calamity, and blamed it on a buggy update that buckled Microsoft’s Windows operating system.

Was it a cyberattack?

Asked if there was a chance this could have been a cyberattack, Kurtz said no.

"It wasn't a cyber attack. It was related to this, this content update," he told NBC.

What have authorities said?

The disruption was first reported in Australia, and the country’s national cyber security co-ordinator has put out a statement on X, saying it was aware of a large-scale technical outage affecting a number of companies and services.

“Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies,” the statement reads.

What do experts say about the outage?

Even before CrowdStrike’s CEO commented on the problem, experts were largely convinced the global outage wasn’t due to a cyberattack. Still, they say that the scale of the issue is unprecedented, mainly because of the ubiquity of CrowdStrike Falcon and its high-level control over Windows PCs.

“Such software is pervasive – on many if not all machines of a particular type – so a fault in the security software can bring down many computers at once,” said Professor McDermid, of the Institute for Safe Autonomy, University of York.

“Falcon is a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave,” said Toby Murray, an associate professor at the School of Computing and Information Systems at The University of Melbourne.

“This has become a global phenomenon because CrowdStrike is a very large company, and a lot of companies and organisations use them to detect and protect against threats,” said Dave Parry, a dean and professor in the School of IT at Murdoch University in Perth, Australia.

Prof Parry continued: “The issue will affect very, very large numbers of machines around the world. It's not a cyber attack, but it's just an interaction of the two pieces of software.”

What to do if your Windows PC is down?

Wondering how to fix your malfunctioning PC? CrowdStrike’s Nisbet has posted a partial workaround that could do the trick, as long as you have the IT skills to implement it.

The solution, which involves deleting a specific file on affected computers, is as follows:

1. Boot Windows into Safe Mode or the Windows Recovery Environment

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

3. Locate the file matching “C-00000291*.sys” and delete it.

4. Boot the host normally.

However, Prof Davenport warns impacted users shouldn’t reboot or restart their machines until they get the all-clear from both CrowdStrike and Microsoft, adding, “Do not accept ‘it’s gone away’ statements.”
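
Steps 2 and 3 of the workaround above, scripted as an added PowerShell example for use from a prompt in Safe Mode (this is not CrowdStrike's or the article's own code; the function name `Remove-FaultyChannelFile` and its parameters are hypothetical). It lists the matching files first and deletes only after confirmation, so a dry run shows exactly what would be removed.

```powershell
# Added example: the function and parameter names are hypothetical.
function Remove-FaultyChannelFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory from step 2. Override if Windows is installed on another volume.
        [string]$DriversPath = 'C:\Windows\System32\drivers\CrowdStrike',
        # File pattern from step 3.
        [string]$Pattern = 'C-00000291*.sys'
    )

    # Stop early if the sensor directory is not where the workaround expects it.
    if (-not (Test-Path -LiteralPath $DriversPath -PathType Container)) {
        Write-Error "Directory not found: $DriversPath"
        return
    }

    # Only files matching the pattern are touched; other channel files stay in place.
    $found = @(Get-ChildItem -LiteralPath $DriversPath -Filter $Pattern -File -Force)
    if ($found.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $DriversPath; nothing to delete."
        return
    }

    foreach ($file in $found) {
        $deleted = $false
        # Honours -WhatIf (dry run) and prompts per file unless -Confirm:$false is given.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $file.FullName -Force -Confirm:$false -ErrorAction Stop
            $deleted = $true
        }
        # One record per match, so the result can be kept as evidence of what was done.
        [pscustomobject]@{
            File         = $file.FullName
            LastWriteUtc = $file.LastWriteTimeUtc
            SizeBytes    = $file.Length
            Deleted      = $deleted
        }
    }
}

# Dry run: reports what would be deleted without changing anything.
Remove-FaultyChannelFile -WhatIf

# Actual deletion (prompts for each file), then boot the host normally (step 4):
# Remove-FaultyChannelFile
```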