CrowdStrike outage 3 days later: Where does everything stand now?
Editor's note: Check out our oft-updated live blog for all new developments about the Microsoft/CrowdStrike outage.
Global IT systems are still recovering after a CrowdStrike update caused a massive worldwide outage of Windows computers last Friday. Countless businesses and organisations were impacted, including airlines, hospitals, banks, and telecommunications companies.
Unrelated political events have since taken centre stage, stealing the world's attention and taking some of the heat off CrowdStrike. However, that doesn't mean the security company's troubles are over. CrowdStrike CEO George Kurtz warned that it may be weeks before we see a total recovery, with organisations still dealing with the fallout days later.
Tweet may have been deleted
Here's where we are three days on from CrowdStrike's global Windows outage.
CrowdStrike outage impacted 8.5 million Windows computers
In a blog post on Saturday, Microsoft revealed that an estimated 8.5 million Windows devices were impacted by the CrowdStrike update. While that is an undeniably enormous number, the company noted that it was still "less than one percent of all Windows machines."
"While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services," wrote Microsoft's Vice President of Enterprise and OS Security David Weston.
Hundreds of U.S. flights are still being cancelled or delayed
Though airlines are working to get back on track, they're definitely still seeing the effects of the CrowdStrike outage. Flight tracker FlightAware reported that 1970 flights to, from, or within the U.S. were cancelled on Sunday, while 9934 such flights were delayed.
For comparison, there were 932 cancellations and 12,579 delays on Thursday, the day before the outage.
Bad actors have disguised malware as a CrowdStrike fix
Amidst Friday's chaos, CrowdStrike CEO George Kurtz warned people to stay vigilant for bad actors attempting to exploit the situation. Though CrowdStrike had published a workaround for the outage, the danger remains that panicking white-collar workers may first encounter malware disguised as a fix.
It was a pertinent warning. Bleeping Computer reports that bad actors posed as CrowdStrike or the BBVA Bank and instructed people to install malware in at least two nefarious campaigns. These bad actors falsely claimed the software was an update to fix the CrowdStrike issue, when instead it would hijack users' computers or wipe their data.
Tweet may have been deleted
CrowdStrike's outage could cost billions of dollars
With the dust slowly settling, many are wondering who will pay for the financial losses the global outage caused. Calculating the cost of the CrowdStrike outage is a tall order at this early stage, not in the least because systems are still recovering. However, experts claim that it could amount to billions of dollars.
Whether CrowdStrike's clients can claim compensation from the company will depend on factors such as the exact terms of their contract and whether it was breached. Failing that, those impacted may attempt to argue claims such as negligence. Either way, New Zealand law firm Russell McVeagh considers class action lawsuits "a real possibility" considering the massive scale of the outage.
Insurers are also bracing for a deluge of claims concerning CrowdStrike's outage, though claimants' success will be dependent on the type of coverage they have. Considering that the outage wasn't caused by a malicious attack and didn't involve property damage, it's likely that many won't be covered.
CrowdStrike's stock has plummeted almost 22 percent since Friday's outage, wiping around $16 billion from the company's value. If it ends up having to pay out compensation, it could be looking at even further losses.