Latest News

The CrowdStrike Blue Screen Outage

Understanding the Impact: A Deep Dive into the Recent CrowdStrike Incident

In the ever-evolving landscape of cybersecurity, incidents can arise that test the resilience and preparedness of organizations worldwide. One such event that has captured the attention of the IT community is the recent incident involving CrowdStrike, a leader in cloud-delivered endpoint and cloud workload protection.

The Incident

Late last Thursday, a third-party update from CrowdStrike led to widespread Windows Blue Screen of Death (BSOD) errors and reboot loops, affecting users globally across various industries, including banking, airlines, medical, government, and manufacturing sectors. This disruption was compounded by concurrent outages in Microsoft’s Azure and Office 365 services, which were related to the same update.

Mitigation and Response

CrowdStrike has since resolved the cause of the BSOD errors, but many systems remain affected. For those able to boot their computers into safe mode, remote connection tools like ScreenConnect or Splashtop have been recommended for asset access. Additionally, if Remote Monitoring and Management (RMM) tools are configured to run in safe mode, scripts can be employed to remove the problematic C-00000291*.sys file.
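A sketch of the kind of removal script an RMM job could run in safe mode, added here as an example; it is not CrowdStrike's or PC Systemz's own script. The file pattern is the one named above, while the $ChannelFileDir parameter is an assumption of this example and must be set to the directory given in CrowdStrike's official remediation guidance.

```powershell
# Added example: remove the faulty channel file and log what was removed.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: directory holding the vendor's channel files. Take the
    # exact path from CrowdStrike's official guidance, not from this script.
    [Parameter(Mandatory = $true)]
    [string]$ChannelFileDir,

    # File pattern named in the article.
    [string]$Pattern = 'C-00000291*.sys'
)

if (-not (Test-Path -LiteralPath $ChannelFileDir -PathType Container)) {
    Write-Error "Directory not found: $ChannelFileDir"
    exit 2
}

$targets = @(Get-ChildItem -LiteralPath $ChannelFileDir -Filter $Pattern -File)
if ($targets.Count -eq 0) {
    # Safe to re-run: an already-cleaned machine reports success.
    Write-Output "No files matching $Pattern in $ChannelFileDir; nothing to do."
    exit 0
}

$failed = 0
foreach ($file in $targets) {
    # One record per file so the RMM job log shows exactly what was touched.
    $record = [pscustomobject]@{
        Path         = $file.FullName
        LastWriteUtc = $file.LastWriteTimeUtc
        SizeBytes    = $file.Length
        Removed      = $false
    }
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove file')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $record.Removed = $true
        } catch {
            $failed++
            Write-Warning "Could not remove $($file.FullName): $($_.Exception.Message)"
        }
    }
    $record
}

if ($failed -gt 0) { exit 1 }
exit 0
```

Running it first with -WhatIf lists the files that would be removed without deleting anything.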

Vigilance Against Impersonation

In the wake of the incident, there have been reports of impersonators posing as CrowdStrike or offering mitigation solutions. It’s crucial for organizations and individuals to remain vigilant and verify the authenticity of any communication claiming to provide support or updates related to the incident.

Looking Ahead

As the dust settles, the incident serves as a stark reminder of the importance of robust cybersecurity measures and the need for continuous vigilance. It also highlights the interconnected nature of our digital infrastructure, where a single update can have far-reaching consequences.

The IT community, including PC Systemz, continues to monitor the situation closely, ensuring that systems are restored and that lessons are learned to prevent similar occurrences in the future.

SECURITY THREAT: Ransomware

What is Ransomware?

Ransomware is a type of malware that infects computers, encrypting their vital data and demanding money in the form of bitcoins to regain access.

What should you do when you discover your computer is infected with Ransomware?

When you discover that a computer is infected with Ransomware, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files on the network.

Then check your current backup solutions to begin restoring your information.

Is it possible to decrypt files encrypted by Ransomware?

In most cases, unfortunately, the answer is no. Therefore, you must make sure your backup solutions are up to date and verified.

Will paying the ransom actually decrypt your files?

Paying the ransom is no guarantee you will have your files restored, but this is a decision you will need to make if you have no backups of vital files infected by this malware. Paying the ransom will start the decryption process. When you pay the ransom, you may or may not receive the decryptor software from the hackers to start decrypting your files.

How do you become infected with Ransomware?

This infection is typically spread through emails sent to company email or remote desktop connections.

Ransomware and Networks

Ransomware can encrypt data stored on network shares if the shared folders are mapped as a drive letter on the infected computer. Despite what some articles state, Ransomware does not encrypt data on a network through UNC shares. An example of a UNC share is \\computername\openshare.

It is strongly suggested that you secure all open shares by only allowing writable access to the necessary user groups or authenticated users. This is an important security principle that should be used at all times regardless of infections like Ransomware.
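One way to find the open shares described above, added as an example that is not part of the original article: it lists non-administrative SMB shares on the local machine where a broad principal is allowed write access at the share level. The function name Get-OpenWritableShare and the default principal list (English account names) are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report shares that grant write access to broad principals.
function Get-OpenWritableShare {
    [CmdletBinding()]
    param(
        # Assumption: principals considered too broad for write access.
        # Names are the English defaults; adjust for localized systems.
        [string[]]$BroadPrincipal = @(
            'Everyone',
            'NT AUTHORITY\ANONYMOUS LOGON',
            'BUILTIN\Guests'
        )
    )

    # -Special $false skips administrative shares such as C$, ADMIN$ and IPC$.
    foreach ($share in Get-SmbShare -Special $false) {
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            $isAllow  = [string]$ace.AccessControlType -eq 'Allow'
            $canWrite = [string]$ace.AccessRight -in 'Full', 'Change'
            $isBroad  = $ace.AccountName -in $BroadPrincipal

            if ($isAllow -and $canWrite -and $isBroad) {
                [pscustomobject]@{
                    Share   = $share.Name
                    Path    = $share.Path
                    Account = $ace.AccountName
                    Right   = [string]$ace.AccessRight
                }
            }
        }
    }
}

# Print the findings; an empty result means no share matched the rule.
$findings = @(Get-OpenWritableShare)
if ($findings.Count -eq 0) {
    Write-Output 'No shares grant write access to the listed broad principals.'
} else {
    $findings | Format-Table -AutoSize
}
```

This checks share-level permissions only; the NTFS permissions on the underlying folder also apply and should be reviewed the same way.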

Prevention

Endpoint security is a must in today’s threat landscape. All network computers should be secured with industry-proven security software like Webroot and Malwarebytes.

Most virus and spyware issues come through web browsers and email software. Having a secure web browser like Chrome or Firefox will help lower infection rates. Services like Office 365 and Gmail offer better junk mail protection and lower the possibility of opening a phishing email containing a virus.

A two-tier backup system will save your computer and files if you happen to be affected by this virus. Backup software like Veeam will take a snapshot of your whole system, including files and programs. This will allow you to restore your whole computer to a point before the virus caused any issues. IDrive, another backup program, can safely back up your files in the cloud. Should your computer become compromised, you can download your backed-up files directly to your computer after removing the malware.

Here are a Few Tips to Follow

Use Firefox or Google Chrome as your web browser

Use secured methods of remote access

Make sure you are using security software that is up to date, like Webroot and Malwarebytes

Make sure you are using backup software as mentioned, like Veeam and IDrive

Please be careful what links and attachments you click on
