CrowdStrike Speeding Up Remediation of Systems Hit by Blue Screen of Death

CrowdStrike on Monday informed customers that it has tested a new technique to speed up the remediation of systems impacted by the recent bad update, and the company claims many systems have already been restored.

Roughly 8.5 million Windows devices started displaying a Blue Screen of Death (BSOD) late last week after receiving a faulty update pertaining to CrowdStrike’s Falcon product. This led to one of the worst IT failures in history, causing significant outages across several industries, including aviation, financial, healthcare, and education.

Microsoft and CrowdStrike released tools and other resources to help impacted users restore systems, but it hasn’t been an easy task for affected organizations.

On Monday, CrowdStrike announced that a significant number of devices “are back online and operational” and the company has tested a new technique that should help accelerate remediation efforts.

“We’re in the process of operationalizing an opt-in to this technique,” the company said. 

It’s unclear exactly how many systems are still impacted. 

Unsurprisingly, threat actors have started leveraging this incident for phishing, scams and malware delivery.

CrowdStrike warned customers on Monday that its intelligence team came across a fake recovery manual designed to download a previously unknown stealer. 

The malware, now called Daolpu, is designed to collect credentials such as login data and cookies from the Chrome and Firefox browsers. The data is stored in a text file and sent to the attackers’ server. 

The cybersecurity giant has also learned of other types of malicious activity, such as phishing emails apparently coming from CrowdStrike support, staff being impersonated in phone calls, and the sale of fake automated recovery scripts.
