Update on CrowdStrike Outage Impact

Following the CrowdStrike/Microsoft outage, there have been reports of active phishing campaigns exploiting the incident. Threat actors are using domains such as "crowdstrikebluescreen[.]com" and "fix-crowdstrike-apocalypse[.]com" to deceive users into providing sensitive information.

These domains, identified through urlscan.io, mimic legitimate CrowdStrike support pages and prompt users to download fake updates after paying with Bitcoin or other cryptocurrency.

Screenshot from crowdstrikebluescreen[.]com
Screenshot from fix-crowdstrike-apocalypse[.]com

Users are advised to verify URLs and avoid downloading software from untrusted sources.
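One way to apply that URL check to web-proxy or DNS logs, as an added example (not ConnectWise or CrowdStrike code). It treats only crowdstrike.com, the domain of the CrowdStrike blog linked on this page, and its subdomains as official, and flags any other host that carries the brand name. It goes slightly beyond the two domains named above by also catching hyphen and digit-swap variants; the log format, sample lines and `.example` hosts are constructed.

```python
from urllib.parse import urlsplit

# Assumption: crowdstrike.com is the only official domain in this sketch
# (it is the domain of the blog linked from this page); extend as needed.
OFFICIAL = {"crowdstrike.com"}
BRAND = "crowdstrike"
# Common character swaps used in lookalike names (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})

def refang(indicator: str) -> str:
    """Undo the defanging used in advisories: [.] -> . and hxxp -> http."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

def host_of(url: str) -> str:
    """Return the lower-cased hostname, tolerating a missing scheme."""
    url = refang(url.strip())
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url: str) -> str:
    host = host_of(url)
    # Suffix match on ".domain" so "crowdstrike.com.evil.example" is not official.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    if BRAND in host.translate(SWAPS):
        return "lookalike"
    return "unrelated"

def flag_lookalikes(log_lines):
    """Return (user, host) for each proxy-log line whose URL is a lookalike."""
    hits = []
    for line in log_lines:
        _ts, user, url = line.split(maxsplit=2)
        if classify(url) == "lookalike":
            hits.append((user, host_of(url)))
    return hits

# Constructed proxy-log sample (timestamp, user, URL); page domains kept defanged.
SAMPLE_LOG = [
    "2024-07-19T10:02:11Z alice https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts",
    "2024-07-19T10:05:40Z bob https://crowdstrikebluescreen[.]com/",
    "2024-07-19T10:07:03Z carol http://fix-crowdstrike-apocalypse[.]com/pay",
    "2024-07-19T10:09:27Z dave https://crowdstrike.com.support-portal.example/login",
    "2024-07-19T10:11:52Z erin https://cr0wd-strike.example/update",
    "2024-07-19T10:12:30Z frank https://support.microsoft.com/en-us/windows",
]

if __name__ == "__main__":
    print(flag_lookalikes(SAMPLE_LOG))
```

A keyword match like this is a triage filter: hits still need review, and a lookalike that avoids the brand string entirely will not be caught.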

Understanding the impact of the CrowdStrike/Microsoft outage

What happened 

In simple terms, Microsoft is currently experiencing widespread outages caused by a CrowdStrike update defect that some are calling “the largest IT outage in history”.

CrowdStrike’s President/CEO and Founder, George Kurtz, posted on LinkedIn that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.” 

According to an article on Forbes, this is a global issue with widespread impact. “Planes have been grounded in the U.S., trains in the U.K. are impacted, as well as boarding scanners at Edinburgh airport in Scotland.”

Another article on WIRED states “banks, airports, TV stations, hotels, and countless other businesses are all facing widespread IT outages, leaving flights grounded and causing widespread disruption, after Windows machines have displayed errors worldwide.” 

What services are affected 

Due to this outage, two ConnectWise expert services have been impacted, and we’re experiencing higher than normal volume.

Help Desk Services: The ability to email the Help Desk Services is currently unavailable and we’re unable to schedule work in advance. 

NOC Services: The ability to chat with the NOC is currently unavailable.  

Rest assured we’re still working to support you.  

What we're doing about it 

This is not a ConnectWise outage, incident or cyberattack. This is a third-party outage. We’re committed to serving our valued partners, especially during this time when you need us most. We’re augmenting our staff to handle increased call volume. This is an all-hands-on-deck moment and our team is prepared to meet the increased demand for our services.

What to do as a ConnectWise partner  

Within Help Desk Services, there are 4 ways partners and end customers can get in touch with us:

  1. Call

  2. Chat

  3. Email 

  4. PSA 

Partners can leverage one of the other 3 ways to contact us:

  • Help Desk Services: call, chat or submit a ticket through PSA. Email is currently the only method unavailable for Help Desk Services.

  • NOC Services: call, email or submit a ticket through PSA. Chat is currently the only method disabled for NOC Services.

Sergio Pires

Sr. Engineer | MSP Manager at ACS Services, Inc.

1mo

ConnectWise had provided the following update to assist its clients should they run into BSOD (blue screen) issues:

  1. Restart your computer in Safe Mode with Networking, per the required OS steps in the first article at the bottom of this post.

  2. On the lock or sign-in screen, keep the Shift key pressed, click on the Power button, and then press Restart.

  3. After a short while, you should see a blue screen with three options. Click or tap on the second one: Troubleshoot.

  4. On the Troubleshoot screen, choose “Advanced options.”

  5. Select Startup Settings.

  6. Select Restart.

  7. The computer restarts and enters the Startup Settings menu. Select 5 or F5 to start the computer in Safe Mode with Networking.

Once in Safe Mode, please follow the recommended steps from CrowdStrike on the second article at the bottom of this post to remediate the file.

First article (Start your PC in safe mode): https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

Second article (CrowdStrike blog): https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts

Tim White

CISSP | IT Security Leader | CIO & CISO Services | Sales Engineer | Empowering your Team to Secure your Future

1mo

This is great information ConnectWise team! Thank you for the heads up on how bad actors are leveraging this crisis and what to look out for! Excellent, timely communication! "Threat actors are using domains such as "crowdstrikebluescreen[.]com" and "fix-crowdstrike-apocalypse[.]com" to deceive users into providing sensitive information. These domains, identified through urlscan.io, mimic legitimate CrowdStrike support pages and prompt users to download fake updates after paying with Bitcoin or other cryptocurrency."

Threat actors are always on the loose, exploiting any hot shot incident; this was definitely expected. Let us always prepare for the worst and mitigate the attack surfaces.

LoriBeth Blair

Deliverability problem slayer, email platform and infrastructure advisor, cybersecurity enthusiast, spam filter lover, ex-data analyst, ex-chef, ex-Spanish tutor, ex-arms dealer, ex-construction worker.

1mo

Doing the community a service by alerting them on phishing attempts around this outage. Remain vigilant folks, the scammers are always out there looking for how they can take advantage and make a bad situation even worse.
